Filename: a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etproenall-all
Runtime: 34.8071949482 seconds
Hash: 89ebc2073ed212740b94b40530e584c1
Uploaded: 1564035730

Logfiles


suricata-4.0.0-etproenall-all-perf.txt-2019-07-25-T-06-22-45-07252019.0622-a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap.txt - (100182 bytes)
  --------------------------------------------------------------------------
  Date: 7/25/2019 -- 06:22:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2016537      1        2        246465510    2.36   5823     0        26099432    42326.21    0.00        42326.21   
  2        2001383      1        12       114338066    1.10   5847     0        22961148    19555.00    0.00        19555.00   
  3        2100623      1        7        197267952    1.89   11725    0        22264110    16824.56    0.00        16824.56   
  4        2002500      1        5        82114374     0.79   5830     0        16762160    14084.80    0.00        14084.80   
  5        2002555      1        5        91896334     0.88   5830     0        13180822    15762.66    0.00        15762.66   
  6        2002528      1        5        91439442     0.88   5830     0        13157418    15684.30    0.00        15684.30   
  7        2100417      1        6        5457100      0.05   3        0        5410386     1819033.33  0.00        1819033.33 
  8        2002526      1        5        80558262     0.77   5830     0        2802026     13817.88    0.00        13817.88   
  9        2002558      1        7        79642564     0.76   5830     0        1209444     13660.82    0.00        13660.82   
  10       2002574      1        5        62399332     0.60   5830     0        951548      10703.14    0.00        10703.14   
  11       2001379      1        12       67275984     0.64   5847     0        869646      11506.07    0.00        11506.07   
  12       2000540      1        8        260029558    2.49   5881     0        476216      44215.19    0.00        44215.19   
  13       2000544      1        7        202006918    1.94   5881     0        448740      34349.08    0.00        34349.08   
  14       2017612      1        5        925763996    8.87   5823     5790     434166      158984.03   159632.46   45214.55   
  15       2100628      1        8        116082574    1.11   11725    0        432594      9900.43     0.00        9900.43    
  16       2100527      1        9        174348128    1.67   11728    0        426314      14865.97    0.00        14865.97   
  17       2002534      1        5        92569798     0.89   5830     0        402084      15878.18    0.00        15878.18   
  18       2017552      1        6        210555862    2.02   5830     0        374694      36115.93    0.00        36115.93   
  19       2002538      1        5        93192516     0.89   5830     0        338724      15984.99    0.00        15984.99   
  20       2002511      1        4        91944592     0.88   5830     0        331120      15770.94    0.00        15770.94   
  21       2002704      1        5        93783150     0.90   5830     0        329230      16086.30    0.00        16086.30   
  22       2000538      1        8        262369536    2.51   5881     0        328214      44613.08    0.00        44613.08   
  23       2002508      1        5        93038410     0.89   5830     0        326832      15958.56    0.00        15958.56   
  24       2002531      1        5        92472338     0.89   5830     0        326620      15861.46    0.00        15861.46   
  25       2002515      1        5        93336368     0.89   5830     0        324000      16009.67    0.00        16009.67   
  26       2002525      1        5        93454884     0.90   5830     0        323434      16030.00    0.00        16030.00   
  27       2002514      1        5        89847938     0.86   5830     0        319924      15411.31    0.00        15411.31   
  28       2002530      1        5        91013012     0.87   5830     0        316150      15611.15    0.00        15611.15   
  29       2002557      1        5        78442754     0.75   5830     0        314690      13455.02    0.00        13455.02   
  30       2001328      1        13       63718166     0.61   5847     0        310564      10897.58    0.00        10897.58   
  31       2002541      1        5        78518430     0.75   5830     0        307106      13468.00    0.00        13468.00   
  32       2002521      1        6        78528080     0.75   5830     0        304106      13469.65    0.00        13469.65   
  33       2002509      1        5        78587580     0.75   5830     0        303758      13479.86    0.00        13479.86   
  34       2002549      1        5        58837106     0.56   5830     0        301020      10092.13    0.00        10092.13   
  35       2002512      1        4        78845148     0.76   5830     0        295142      13524.04    0.00        13524.04   
  36       2002501      1        5        65236478     0.63   5830     0        291254      11189.79    0.00        11189.79   
  37       2001022      1        5        174823788    1.68   11725    0        287504      14910.34    0.00        14910.34   
  38       2101321      1        9        116377780    1.12   11728    0        286502      9923.07     0.00        9923.07    
  39       2001982      1        8        53192308     0.51   5830     0        284190      9123.90     0.00        9123.90    
  40       2002537      1        5        71217016     0.68   5830     0        280502      12215.61    0.00        12215.61   
  41       2002658      1        4        61576346     0.59   5847     0        276458      10531.27    0.00        10531.27   
  42       2001023      1        5        115835104    1.11   11725    0        269504      9879.33     0.00        9879.33    
  43       2102113      1        4        29755026     0.29   5811     0        268814      5120.47     0.00        5120.47    
  44       2024565      1        3        393422       0.00   3        0        260550      131140.67   0.00        131140.67  
  45       2823263      1        3        426838       0.00   3        0        257450      142279.33   0.00        142279.33  
  46       2002556      1        5        81246342     0.78   5830     0        243032      13935.91    0.00        13935.91   
  47       2002551      1        5        64921572     0.62   5830     0        236622      11135.78    0.00        11135.78   
  48       2002504      1        5        65086298     0.62   5830     0        231936      11164.03    0.00        11164.03   
  49       2821909      1        2        415822       0.00   3        0        231262      138607.33   0.00        138607.33  
  50       2017948      1        2        78038310     0.75   5823     0        228796      13401.74    0.00        13401.74   
  51       2001382      1        12       79262592     0.76   5847     0        226426      13556.11    0.00        13556.11   
  52       2002559      1        5        77680996     0.74   5830     0        225474      13324.36    0.00        13324.36   
  53       2002517      1        4        78244450     0.75   5830     0        221444      13421.00    0.00        13421.00   
  54       2002513      1        4        77562202     0.74   5830     0        219646      13303.98    0.00        13303.98   
  55       2002516      1        5        77893572     0.75   5830     0        218942      13360.82    0.00        13360.82   
  56       2002532      1        5        78370704     0.75   5830     0        218942      13442.66    0.00        13442.66   
  57       2002539      1        5        77489520     0.74   5830     0        216890      13291.51    0.00        13291.51   
  58       2001381      1        12       77045736     0.74   5847     0        216308      13176.97    0.00        13176.97   
  59       2002510      1        4        77096128     0.74   5830     0        215850      13224.04    0.00        13224.04   
  60       2002519      1        5        78046998     0.75   5830     0        205878      13387.14    0.00        13387.14   
  61       2825587      1        2        459890       0.00   4        0        203168      114972.50   0.00        114972.50  
  62       2002535      1        5        77754500     0.75   5830     0        203124      13336.96    0.00        13336.96   
  63       2002505      1        5        65208336     0.62   5830     0        201216      11184.96    0.00        11184.96   
  64       2002570      1        5        71224590     0.68   5830     0        189512      12216.91    0.00        12216.91   
  65       2002546      1        5        64562586     0.62   5830     0        188394      11074.20    0.00        11074.20   
  66       2002569      1        5        72287488     0.69   5830     0        177306      12399.23    0.00        12399.23   
  67       2816940      1        2        569936       0.01   7        0        173052      81419.43    0.00        81419.43   
  68       2002524      1        7        72147940     0.69   5830     0        170080      12375.29    0.00        12375.29   
  69       2002548      1        5        62414248     0.60   5830     0        167046      10705.70    0.00        10705.70   
  70       2002568      1        5        60730570     0.58   5830     0        166964      10416.91    0.00        10416.91   
  71       2815806      1        7        607348       0.01   7        0        164528      86764.00    0.00        86764.00   
  72       2100502      1        3        116454170    1.12   11728    0        163202      9929.58     0.00        9929.58    
  73       2001375      1        12       67898950     0.65   5847     0        162326      11612.61    0.00        11612.61   
  74       2001380      1        12       61457756     0.59   5847     0        162240      10510.99    0.00        10510.99   
  75       2009293      1        1        67903406     0.65   5847     0        157148      11613.38    0.00        11613.38   
  76       2002544      1        5        70469256     0.68   5830     0        156182      12087.35    0.00        12087.35   
  77       2002550      1        5        61072572     0.59   5830     0        151622      10475.57    0.00        10475.57   
  78       2009294      1        1        62232576     0.60   5847     0        150352      10643.51    0.00        10643.51   
  79       2009414      1        4        58166802     0.56   11725    0        150062      4960.92     0.00        4960.92    
  80       2001377      1        12       66986652     0.64   5847     0        149074      11456.58    0.00        11456.58   
  81       2002523      1        5        67212344     0.64   5830     0        148970      11528.70    0.00        11528.70   
  82       2001983      1        8        52188572     0.50   5830     0        147784      8951.73     0.00        8951.73    
  83       2002572      1        5        62935014     0.60   5830     0        147230      10795.03    0.00        10795.03   
  84       2002554      1        5        67273204     0.64   5830     0        145282      11539.14    0.00        11539.14   
  85       2801186      1        2        29670560     0.28   5826     0        145188      5092.78     0.00        5092.78    
  86       2017259      1        12       388806       0.00   4        0        143158      97201.50    0.00        97201.50   
  87       2001376      1        12       66134364     0.63   5847     0        142024      11310.82    0.00        11310.82   
  88       2815804      1        8        311854       0.00   3        0        139786      103951.33   0.00        103951.33  
  89       2102437      1        9        373302       0.00   7        0        136406      53328.86    0.00        53328.86   
  90       2816895      1        2        300374       0.00   3        0        133992      100124.67   0.00        100124.67  
  91       2810581      1        3        501082       0.00   8        0        133140      62635.25    0.00        62635.25   
  92       2816909      1        2        712134       0.01   7        0        131100      101733.43   0.00        101733.43  
  93       2811826      1        7        241098       0.00   3        0        129170      80366.00    0.00        80366.00   
  94       2021718      1        4        268346       0.00   3        0        128000      89448.67    0.00        89448.67   
  95       2801156      1        2        29406218     0.28   5851     0        127804      5025.84     0.00        5025.84    
  96       2022901      1        2        530282       0.01   7        0        127668      75754.57    0.00        75754.57   
  97       2816927      1        3        487084       0.00   7        0        127284      69583.43    0.00        69583.43   
  98       2002503      1        5        65973716     0.63   5830     0        126598      11316.25    0.00        11316.25   
  99       2002506      1        5        64862450     0.62   5830     0        126262      11125.63    0.00        11125.63   
  100      2002571      1        5        64931484     0.62   5830     0        126206      11137.48    0.00        11137.48   
  101      2822801      1        2        382168       0.00   8        0        125470      47771.00    0.00        47771.00   
  102      2820786      1        2        349264       0.00   4        0        125344      87316.00    0.00        87316.00   
  103      2002547      1        5        64776096     0.62   5830     0        125292      11110.82    0.00        11110.82   
  104      2816929      1        4        446102       0.00   7        0        123634      63728.86    0.00        63728.86   
  105      2002573      1        5        65211880     0.62   5830     0        122842      11185.57    0.00        11185.57   
  106      2008468      1        4        359350       0.00   4        4        121634      89837.50    89837.50    0.00       
  107      2002561      1        5        63198844     0.61   5830     0        121546      10840.28    0.00        10840.28   
  108      2808851      1        4        203860       0.00   3        0        121220      67953.33    0.00        67953.33   
  109      2024455      1        2        249090       0.00   3        0        121082      83030.00    0.00        83030.00   
  110      2816910      1        2        669016       0.01   7        0        120380      95573.71    0.00        95573.71   
  111      2002497      1        5        60640550     0.58   5830     0        120184      10401.47    0.00        10401.47   
  112      2017930      1        10       290120       0.00   4        4        119344      72530.00    72530.00    0.00       
  113      2002507      1        5        64488902     0.62   5830     0        118534      11061.56    0.00        11061.56   
  114      2810991      1        4        350396       0.00   4        0        117514      87599.00    0.00        87599.00   
  115      2002543      1        5        60148086     0.58   5830     0        117128      10317.00    0.00        10317.00   
  116      2002567      1        5        62160874     0.60   5830     0        117040      10662.24    0.00        10662.24   
  117      2816925      1        3        516654       0.00   7        0        116652      73807.71    0.00        73807.71   
  118      2816922      1        5        472658       0.00   7        0        114216      67522.57    0.00        67522.57   
  119      2021139      1        2        353150       0.00   4        0        113904      88287.50    0.00        88287.50   
  120      2811905      1        3        236768       0.00   3        0        113326      78922.67    0.00        78922.67   
  121      2802905      1        4        498962       0.00   70       0        112934      7128.03     0.00        7128.03    
  122      2820992      1        4        378586       0.00   4        0        112532      94646.50    0.00        94646.50   
  123      2811827      1        6        239196       0.00   3        0        112504      79732.00    0.00        79732.00   
  124      2020964      1        2        213026       0.00   3        0        112082      71008.67    0.00        71008.67   
  125      2020890      1        3        3

This file has been truncated.


packet_stats.log - (11441 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             3         21361498       32481426      26071259         78.2m    0.00
 IPv4       6         11725         20280616    17386580000    8878064664     104095.3b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             3          2835030       10647982       7201833         21.6m    0.12
TMM_FLOWWORKER              IPv4       6         11725           338538       30743354       1513686         17.7b   98.95
TMM_RECEIVEPCAPFILE         IPv4       1             3             4520           4716          4612         13.8k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6         11725             4424       15137784          6605         77.5m    0.43
TMM_DECODEPCAPFILE          IPv4       1             3             4702          23656         11088         33.3k    0.00
TMM_DECODEPCAPFILE          IPv4       6         11725             4546       13988226          7625         89.4m    0.50

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6         11725             4684          87014          5618         65.9m  0.38  
stream                  IPv4       6         11725             4714         489248         15488        181.6m  1.04  
detect                  IPv4       1             3          2704764        7959796       4576988         13.7m  0.08  
detect                  IPv4       6         11725           298830       30438220       1460409         17.1b  98.14 
tcp-prune               IPv4       6         11725             4436         123454          5326         62.5m  0.36  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             7            17084          69998         27886        195.2k  100.00

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       1             3            24538         184284         81344        244.0k  2.06  
LOGGER_ALERT_FAST           IPv4       6             4            49398          96042         74163        296.7k  2.50  
LOGGER_UNIFIED2             IPv4       1             3            27954         132880         65086        195.3k  1.65  
LOGGER_UNIFIED2             IPv4       6             4            53834         239988        122293        489.2k  4.13  
LOGGER_JSON_ALERT           IPv4       1             3            54408        7238078       2453363          7.4m  62.11 
LOGGER_JSON_ALERT           IPv4       6             4            91632         129332        114210        456.8k  3.86  
LOGGER_JSON_HTTP            IPv4       6             7            75356         406926        137067        959.5k  8.10  
LOGGER_JSON_FILE            IPv4       6            14            60090         487542        132022          1.8m  15.60 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             3             5032          15846         10081        30.2k  0.00  
payload                           IPv4       6          5844             4760       13227950         32954       192.6m  19.98 
stream                            IPv4       6          5844             4416       15447206         32192       188.1m  19.52 
http_uri                          IPv4       6             7            16164         200174         63862       447.0k  0.05  
http_request_line                 IPv4       6             7             8886          21830         11450        80.2k  0.01  
http_client_body                  IPv4       6          5823             4452         794564         90773       528.6m  54.83 
http_header (request)             IPv4       6             7            88740         840430        250317         1.8m  0.18  
http_header (request trailer)     IPv4       6             7             4610           6704          5134        35.9k  0.00  
http_header_names (request)       IPv4       6             7            22704         101328         34968       244.8k  0.03  
http_accept (request)             IPv4       6             7             7938          27272         13886        97.2k  0.01  
http_referer (request)            IPv4       6             7             5190           6110          5417        37.9k  0.00  
http_content_len (request)        IPv4       6             7             6046          18700          8441        59.1k  0.01  
http_content_type (request)       IPv4       6             7            12612          42170         19942       139.6k  0.01  
http_protocol (request)           IPv4       6             7             8620          32334         12427        87.0k  0.01  
http_start (request)              IPv4       6             7            12664          36670         18881       132.2k  0.01  
http_raw_header (request)         IPv4       6          5823             6580          74284          8530        49.7m  5.15  
http_method                       IPv4       6             7             7656          42590         13473        94.3k  0.01  
http_cookie (request)             IPv4       6             7             5202           7364          5651        39.6k  0.00  
http_raw_uri                      IPv4       6             7             7654          34096         12317        86.2k  0.01  
http_user_agent                   IPv4       6             7            34370         262138         83528       584.7k  0.06  
http_host                         IPv4       6             7             6406          40258         11871        83.1k  0.01  
http_response_line                IPv4       6             7             9972          40358         15483       108.4k  0.01  
http_header (response)            IPv4       6             7            37520         191076         64035       448.2k  0.05  
http_header (response trailer)    IPv4       6             7             4508           4588          4534        31.7k  0.00  
http_content_type (response)      IPv4       6             7             9680          45026         15463       108.2k  0.01  
http_raw_header (response)        IPv4       6             7            14936          32428         17999       126.0k  0.01  
http_cookie (response)            IPv4       6             7             4966          10384          5867        41.1k  0.00  
http_stat_msg                     IPv4       6             7             7464          25082         10858        76.0k  0.01  
http_stat_code                    IPv4       6             7             7268          25594         10315        72.2k  0.01  
Total                             IPv4                 23505                                         41012       964.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             3            52766         130620         88026        264.1k  0.00  
PROF_DETECT_IPONLY          IPv4       6            14            68642         359904        111953          1.6m  0.01  
PROF_DETECT_RULES           IPv4       1             3          2503500        7785320       4344424         13.0m  0.07  
PROF_DETECT_RULES           IPv4       6         11725           221232       29770296       1231049         14.4b  79.69 
PROF_DETECT_STATEFUL_START    IPv4       6          5837             9088        5940424         40162        234.4m  1.29  
PROF_DETECT_STATEFUL_CONT    IPv4       1             3             4410           4546          4482         13.4k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6         11725             4424         369036         28901        338.9m  1.87  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6         11697             4464          90100          5118         59.9m  0.33  
PROF_DETECT_PREFILTER       IPv4       1             3            33054          68124         47083        141.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6         11725            13918       15618144        128989          1.5b  8.35  
PROF_DETECT_PF_PAYLOAD      IPv4       1             3            14230          25012         19269         57.8k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6          5844            31042       15467468         79690        465.7m  2.57  
PROF_DETECT_PF_TX           IPv4       6         11697             4592        1813284         60254        704.8m  3.89  
PROF_DETECT_PF_SORT1        IPv4       6          5851             4420          77360          5166         30.2m  0.17  
PROF_DETECT_PF_SORT2        IPv4       1             3             4842           7306          6172         18.5k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6         11725             4478        5076338          6049         70.9m  0.39  
PROF_DETECT_NONMPMLIST      IPv4       1             3             4990           7870          6437         19.3k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6         11725             4586         303504          5561         65.2m  0.36  
PROF_DETECT_ALERT           IPv4       1             3            17872          58306         34704        104.1k  0.00  
PROF_DETECT_ALERT           IPv4       6         11725             4420          42794          5131         60.2m  0.33  
PROF_DETECT_CLEANUP         IPv4       1             3             4476           4984          4646         13.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       6         11725             4480         278308          5267         61.8m  0.34  
PROF_DETECT_GETSGH          IPv4       1             3             4694           4752          4722         14.2k  0.00  
PROF_DETECT_GETSGH          IPv4       6         11725             4406          94502          5125         60.1m  0.33  


suricata-report-2019-07-25-T-06-22-45-07252019.0622-a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap.txt - (18685 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/89ebc2073ed212740b94b40530e584c151cf25896b6b2454fe89507ba3b24642 -r /var/pcap/07252019.0622-a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap -vvv -k none
elapsedtime:33.709848
stderr:
stdout:
25/7/2019 -- 06:22:11 - <Info> - Configuration node 'rule-files' redefined.
25/7/2019 -- 06:22:11 - <Notice> - This is Suricata version 4.0.0 RELEASE
25/7/2019 -- 06:22:11 - <Info> - CPUs/cores online: 1
25/7/2019 -- 06:22:11 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32046 and 'request-body-inspect-window' set to 16706 after randomization.
25/7/2019 -- 06:22:11 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32665 and 'response-body-inspect-window' set to 16708 after randomization.
25/7/2019 -- 06:22:11 - <Config> - DNS request flood protection level: 500
25/7/2019 -- 06:22:11 - <Config> - DNS per flow memcap (state-memcap): 524288
25/7/2019 -- 06:22:11 - <Config> - DNS global memcap: 16777216
25/7/2019 -- 06:22:11 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
25/7/2019 -- 06:22:11 - <Config> - preallocated 1000 hosts of size 136
25/7/2019 -- 06:22:11 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
25/7/2019 -- 06:22:11 - <Config> - using magic-file /usr/share/file/magic
25/7/2019 -- 06:22:11 - <Config> - Core dump size is unlimited.
25/7/2019 -- 06:22:11 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
25/7/2019 -- 06:22:11 - <Config> - preallocated 1000 defrag trackers of size 168
25/7/2019 -- 06:22:11 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
25/7/2019 -- 06:22:11 - <Config> - stream "prealloc-sessions": 2048 (per thread)
25/7/2019 -- 06:22:11 - <Config> - stream "memcap": 33554432
25/7/2019 -- 06:22:11 - <Config> - stream "midstream" session pickups: disabled
25/7/2019 -- 06:22:11 - <Config> - stream "async-oneside": disabled
25/7/2019 -- 06:22:11 - <Config> - stream "checksum-validation": disabled
25/7/2019 -- 06:22:11 - <Config> - stream."inline": disabled
25/7/2019 -- 06:22:11 - <Config> - stream "bypass": disabled
25/7/2019 -- 06:22:11 - <Config> - stream "max-synack-queued": 5
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly "memcap": 134217728
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly "depth": 0
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly "toserver-chunk-size": 2491
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly "toclient-chunk-size": 2519
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly.raw: enabled
25/7/2019 -- 06:22:11 - <Config> - stream.reassembly "segment-prealloc": 2048
25/7/2019 -- 06:22:11 - <Config> - Delayed detect disabled
25/7/2019 -- 06:22:11 - <Config> - pattern matchers: MPM: ac, SPM: bm
25/7/2019 -- 06:22:11 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
25/7/2019 -- 06:22:11 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
25/7/2019 -- 06:22:11 - <Config> - prefilter engines: MPM
25/7/2019 -- 06:22:11 - <Config> - IP reputation disabled
25/7/2019 -- 06:22:11 - <Perf> - Registered 148 keyword profiling counters.
25/7/2019 -- 06:22:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ftp.rules
25/7/2019 -- 06:22:11 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-policy.rules
25/7/2019 -- 06:22:12 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-trojan.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-games.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-pop3.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-user_agents.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-activex.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-rpc.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-attack_response.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-scan.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-voip.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-chat.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-icmp_info.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-info.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-shellcode.rules
25/7/2019 -- 06:22:17 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_client.rules
25/7/2019 -- 06:22:18 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-imap.rules
25/7/2019 -- 06:22:18 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_server.rules
25/7/2019 -- 06:22:18 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-current_events.rules
25/7/2019 -- 06:22:21 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-inappropriate.rules
25/7/2019 -- 06:22:21 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-smtp.rules
25/7/2019 -- 06:22:21 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-web_specific_apps.rules
25/7/2019 -- 06:22:23 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-deleted.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-malware.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-snmp.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-worm.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dns.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-misc.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-sql.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dos.rules
25/7/2019 -- 06:22:24 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-netbios.rules
25/7/2019 -- 06:22:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-telnet.rules
25/7/2019 -- 06:22:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-exploit.rules
25/7/2019 -- 06:22:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-p2p.rules
25/7/2019 -- 06:22:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tftp.rules
25/7/2019 -- 06:22:25 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-mobile_malware.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-botcc.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-compromised.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-drop.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-dshield.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-tor.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/enableall-ET-ciarmy.rules
25/7/2019 -- 06:22:26 - <Config> - Loading rule file: /opt/suricata400/etc/etproenall/local.rules
25/7/2019 -- 06:22:26 - <Config> - No rules loaded from local.rules.
25/7/2019 -- 06:22:26 - <Info> - 44 rule files processed. 50693 rules successfully loaded, 0 rules failed
25/7/2019 -- 06:22:26 - <Info> - Threshold config parsed: 0 rule(s) found
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tcp-packet
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tcp-stream
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for udp-packet
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for other-ip
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_uri
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_request_line
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_client_body
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_response_line
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_header
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_header
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_header_names
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_header_names
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_accept
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_accept_enc
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_accept_lang
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_referer
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_connection
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_content_len
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_content_len
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_content_type
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_content_type
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_protocol
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_protocol
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_start
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_start
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_raw_header
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_raw_header
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_method
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_cookie
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_cookie
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_raw_uri
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_user_agent
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_host
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_raw_host
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_stat_msg
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_stat_code
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for dns_query
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tls_sni
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tls_cert_issuer
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tls_cert_subject
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for tls_cert_serial
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for dce_stub_data
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for dce_stub_data
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for ssh_protocol
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for ssh_protocol
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for ssh_software
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for ssh_software
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for file_data
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for file_data
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_request_line
25/7/2019 -- 06:22:27 - <Perf> - using shared mpm ctx' for http_response_line
25/7/2019 -- 06:22:27 - <Info> - 50718 signatures processed. 1220 are IP-only rules, 21106 are inspecting packet payload, 34612 inspect application layer, 0 are decoder event only
25/7/2019 -- 06:22:27 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
25/7/2019 -- 06:22:28 - <Perf> - TCP toserver: 41 port groups, 35 unique SGH's, 6 copies
25/7/2019 -- 06:22:28 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
25/7/2019 -- 06:22:28 - <Perf> - UDP toserver: 41 port groups, 34 unique SGH's, 7 copies
25/7/2019 -- 06:22:28 - <Perf> - UDP toclient: 21 port groups, 18 unique SGH's, 3 copies
25/7/2019 -- 06:22:28 - <Perf> - OTHER toserver: 254 proto groups, 7 unique SGH's, 247 copies
25/7/2019 -- 06:22:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
25/7/2019 -- 06:22:34 - <Perf> - Unique rule groups: 114
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toserver TCP packet": 33
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toclient TCP packet": 18
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toserver TCP stream": 29
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toclient TCP stream": 20
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toserver UDP packet": 33
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "toclient UDP packet": 18
25/7/2019 -- 06:22:34 - <Perf> - Builtin MPM "other IP packet": 4
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_uri": 14
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_request_line": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_client_body": 6
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_response_line": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_header": 10
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_header": 6
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_header_names": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_accept": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_referer": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_content_len": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_content_type": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_content_type": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_protocol": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_start": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_raw_header": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_raw_header": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_method": 5
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_cookie": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_cookie": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_user_agent": 7
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver http_host": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_stat_msg": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient http_stat_code": 3
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver dns_query": 4
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver tls_sni": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver dce_stub_data": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient dce_stub_data": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toserver file_data": 1
25/7/2019 -- 06:22:34 - <Perf> - AppLayer MPM "toclient file_data": 5
25/7/2019 -- 06:22:37 - <Perf> - Registered 50718 rule profiling counters.
25/7/2019 -- 06:22:37 - <Info> - fast output device (regular) initialized: alert
25/7/2019 -- 06:22:37 - <Info> - eve-log output device (regular) initiali

This file has been truncated.


stats.log - (4942 bytes)
------------------------------------------------------------------------------------
Date: 7/25/2019 -- 06:22:45 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 11731
decoder.bytes                              | Total                     | 8936658
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 11728
decoder.ethernet                           | Total                     | 11731
decoder.tcp                                | Total                     | 11725
decoder.icmpv4                             | Total                     | 3
decoder.avg_pkt_size                       | Total                     | 761
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
decoder.ethernet.pkt_too_small             | Total                     | 1
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
detect.alert                               | Total                     | 15
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 96
detect.fnonmpm_list                        | Total                     | 66
detect.match_list                          | Total                     | 68
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880
------------------------------------------------------------------------------------
Date: 7/25/2019 -- 06:22:45 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 11731
decoder.bytes                              | Total                     | 8936658
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 11728
decoder.ethernet                           | Total                     | 11731
decoder.tcp                                | Total                     | 11725
decoder.icmpv4                             | Total                     | 3
decoder.avg_pkt_size                       | Total                     | 761
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 7
decoder.ethernet.pkt_too_small             | Total                     | 1
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
detect.alert                               | Total                     | 15
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 96
detect.fnonmpm_list                        | Total                     | 66
detect.match_list                          | Total                     | 68
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880


eve.json - (17239 bytes)
{"timestamp":"1900-01-00T00:00:08.804501+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:08.804501+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:08.804501+0000","pcap_cnt":2,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:10.045933+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100385,"rev":5,"signature":"GPL ICMP_INFO traceroute","category":"Attempted Information Leak","severity":2}}
{"timestamp":"1900-01-00T00:00:10.045933+0000","pcap_cnt":5,"event_type":"alert","src_ip":"10.0.2.15","dest_ip":"10.0.2.2","proto":"ICMP","icmp_type":8,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100384,"rev":6,"signature":"GPL ICMP_INFO PING","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:10.045987+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2002752,"rev":4,"signature":"ET POLICY Reserved Internal IP Traffic","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"1900-01-00T00:00:10.045987+0000","pcap_cnt":6,"event_type":"alert","src_ip":"10.0.2.2","dest_ip":"10.0.2.15","proto":"ICMP","icmp_type":0,"icmp_code":0,"alert":{"action":"allowed","gid":1,"signature_id":2100408,"rev":6,"signature":"GPL ICMP_INFO Echo Reply","category":"Misc activity","severity":3}}
{"timestamp":"1900-01-00T00:00:18.427019+0000","flow_id":330845626964891,"pcap_cnt":12,"event_type":"alert","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017930,"rev":10,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no referer","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:18.427019+0000","flow_id":330845626964891,"pcap_cnt":12,"event_type":"alert","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022986,"rev":3,"signature":"ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"1900-01-00T00:00:18.631423+0000","flow_id":330845626964891,"pcap_cnt":15,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":920,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:18.640541+0000","flow_id":330845626964891,"pcap_cnt":17,"event_type":"http","src_ip":"10.0.2.15","src_port":1035,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:18.640541+0000","flow_id":330845626964891,"pcap_cnt":17,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1035,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":31},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":31,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:26.337909+0000","flow_id":1115345026196817,"pcap_cnt":11668,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1036,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\PfETJKVNgtjwOmS.png","gaps":false,"state":"CLOSED","stored":false,"size":8294456,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:26.347759+0000","flow_id":1115345026196817,"pcap_cnt":11670,"event_type":"http","src_ip":"10.0.2.15","src_port":1036,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:26.347759+0000","flow_id":1115345026196817,"pcap_cnt":11670,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1036,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/logs_gate.php","gaps":false,"state":"CLOSED","stored":false,"size":3,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:28.372950+0000","flow_id":1758344580446902,"pcap_cnt":11680,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1037,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"C:\\DOCUME~1\\JANETT~1\\LOCALS~1\\Temp\\ProcessList.txt","gaps":false,"state":"CLOSED","stored":false,"size":319,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:28.381441+0000","flow_id":1758344580446902,"pcap_cnt":11682,"event_type":"http","src_ip":"10.0.2.15","src_port":1037,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:28.381441+0000","flow_id":1758344580446902,"pcap_cnt":11682,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1037,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":7},"app_proto":"http","fileinfo":{"filename":"\/logs_gate.php","gaps":false,"state":"CLOSED","stored":false,"size":7,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:31.842662+0000","flow_id":1937047432411829,"pcap_cnt":11692,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1038,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"C:\\Documents and Settings\\janettedoe\\Desktop\\bigbang.txt","gaps":false,"state":"CLOSED","stored":false,"size":9,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:31.851750+0000","flow_id":1937047432411829,"pcap_cnt":11695,"event_type":"http","src_ip":"10.0.2.15","src_port":1038,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:31.851750+0000","flow_id":1937047432411829,"pcap_cnt":11695,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1038,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/logs_gate.php?plugin=bVRNWCNPuOWMZhfJGKyhsXjLc","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko\/20100101 Firefox\/12.0","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":7},"app_proto":"http","fileinfo":{"filename":"\/logs_gate.php","gaps":false,"state":"CLOSED","stored":false,"size":7,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:31.852996+0000","flow_id":1546785229102889,"pcap_cnt":11701,"event_type":"alert","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017930,"rev":10,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no referer","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:31.852996+0000","flow_id":1546785229102889,"pcap_cnt":11701,"event_type":"alert","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022986,"rev":3,"signature":"ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"1900-01-00T00:00:31.884681+0000","flow_id":1546785229102889,"pcap_cnt":11704,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":926,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:31.893130+0000","flow_id":1546785229102889,"pcap_cnt":11706,"event_type":"http","src_ip":"10.0.2.15","src_port":1039,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:31.893130+0000","flow_id":1546785229102889,"pcap_cnt":11706,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1039,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":3},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":3,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:51.943390+0000","flow_id":565636458818317,"pcap_cnt":11713,"event_type":"alert","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017930,"rev":10,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no referer","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1900-01-00T00:00:51.943390+0000","flow_id":565636458818317,"pcap_cnt":11713,"event_type":"alert","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022986,"rev":3,"signature":"ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"1900-01-00T00:00:51.974278+0000","flow_id":565636458818317,"pcap_cnt":11716,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":920,"tx_id":0}}
{"timestamp":"1900-01-00T00:00:51.983637+0000","flow_id":565636458818317,"pcap_cnt":11718,"event_type":"http","src_ip":"10.0.2.15","src_port":1040,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html"}}
{"timestamp":"1900-01-00T00:00:51.983637+0000","flow_id":565636458818317,"pcap_cnt":11718,"event_type":"fileinfo","src_ip":"160.20.147.158","src_port":80,"dest_ip":"10.0.2.15","dest_port":1040,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":15},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":15,"tx_id":0}}
{"timestamp":"1970-01-01T00:01:12.024847+0000","flow_id":509898522115021,"pcap_cnt":11725,"event_type":"alert","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017930,"rev":10,"signature":"ET TROJAN Trojan Generic - POST To gate.php with no referer","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"1970-01-01T00:01:12.024847+0000","flow_id":509898522115021,"pcap_cnt":11725,"event_type":"alert","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022986,"rev":3,"signature":"ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"1970-01-01T00:01:12.059289+0000","flow_id":509898522115021,"pcap_cnt":11728,"event_type":"fileinfo","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"160.20.147.158","dest_port":80,"proto":"TCP","http":{"hostname":"160.20.147.158","url":"\/gate.php","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit\/537 (KHTML, like Gecko) Chrome\/68.0.3440 Safari\/537","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/gate.php","gaps":false,"state":"CLOSED","stored":false,"size":920,"tx_id":0}}
{"timestamp":"1970-01-01T00:01:12.067667+0000","flow_id":509898522115021,"pcap_cnt":11730,"event_type":"http","src_ip":"10.0.2.15","src_port":1041,"dest_ip":"160.20.147.158","dest_port":80,"pro

This file has been truncated.


unified2.alert.1564035757 - (4546 bytes)

suricata-4.0.0-etproenall-all-alert-2019-07-25-T-06-22-45-07252019.0622-a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap.txt - (2661 bytes)
08.804501  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
08.804501  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
08.804501  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
10.045933  [**] [1:2100385:5] GPL ICMP_INFO traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
10.045933  [**] [1:2100384:6] GPL ICMP_INFO PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.15:8 -> 10.0.2.2:0
10.045987  [**] [1:2002752:4] ET POLICY Reserved Internal IP Traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
10.045987  [**] [1:2100408:6] GPL ICMP_INFO Echo Reply [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.2.2:0 -> 10.0.2.15:0
18.427019  [**] [1:2017930:10] ET TROJAN Trojan Generic - POST To gate.php with no referer [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1035 -> 160.20.147.158:80
18.427019  [**] [1:2022986:3] ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1035 -> 160.20.147.158:80
31.852996  [**] [1:2017930:10] ET TROJAN Trojan Generic - POST To gate.php with no referer [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1039 -> 160.20.147.158:80
31.852996  [**] [1:2022986:3] ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1039 -> 160.20.147.158:80
51.943390  [**] [1:2017930:10] ET TROJAN Trojan Generic - POST To gate.php with no referer [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1040 -> 160.20.147.158:80
51.943390  [**] [1:2022986:3] ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1040 -> 160.20.147.158:80
01/01/1970-00:01:12.024847  [**] [1:2017930:10] ET TROJAN Trojan Generic - POST To gate.php with no referer [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1041 -> 160.20.147.158:80
01/01/1970-00:01:12.024847  [**] [1:2022986:3] ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.2.15:1041 -> 160.20.147.158:80


keyword_perf.log - (16846 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/25/2019 -- 06:22:45
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              58532852        11748           0               422374          4982.00         0.00            4982.00        
  window           57889522        11692           0               262114          4951.00         0.00            4951.00        
  ipopts           29765262        5883            0               91710           5059.00         0.00            5059.00        
  flags            87291462        17664           11692           434508          4941.00         4958.00         4908.00        
  fragbits         175760664       35261           23503           268858          4984.00         5015.00         4923.00        
  fragoffset       29414210        5874            0               55376           5007.00         0.00            5007.00        
  ttl              30078462        5879            2               145316          5116.00         10066.00        5114.00        
  itype            525762          108             5               18970           4868.00         4818.00         4870.00        
  icode            6491968         234             87              5388692         27743.00        66613.00        4738.00        
  icmp_id          36384           6               0               11716           6064.00         0.00            6064.00        
  dsize            115935392       23422           23422           116798          4949.00         4949.00         0.00           
  flow             151882908       24420           24406           26024904        6219.00         6218.00         7968.00        
  threshold        62932           3               2               40386           20977.00        27881.00        7170.00        
  content          170193388       26542           7731            218286          6412.00         7947.00         5781.00        
  pcre             2619071892      185706          5900            22946400        14103.00        5900.00         14372.00       
  byte_test        282030680       56615           52136           283110          4981.00         4958.00         5246.00        
  byte_jump        123326          9               0               74278           13702.00        0.00            13702.00       
  sameip           58070798        11728           0               121110          4951.00         0.00            4951.00        
  isdataat         68108           14              10              6244            4864.00         4869.00         4853.00        
  flowbits         33645246        6263            5820            53338           5372.00         5374.00         5334.00        
  urilen           1503408         245             89              33042           6136.00         6636.00         5850.00        
  byte_extract     30711998        5830            5823            50240           5267.00         5268.00         4439.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  ack              58532852        11748           0               422374          4982.00         0.00            4982.00        
  window           57889522        11692           0               262114          4951.00         0.00            4951.00        
  ipopts           29765262        5883            0               91710           5059.00         0.00            5059.00        
  flags            87291462        17664           11692           434508          4941.00         4958.00         4908.00        
  fragbits         175760664       35261           23503           268858          4984.00         5015.00         4923.00        
  fragoffset       29414210        5874            0               55376           5007.00         0.00            5007.00        
  ttl              30078462        5879            2               145316          5116.00         10066.00        5114.00        
  itype            525762          108             5               18970           4868.00         4818.00         4870.00        
  icode            6491968         234             87              5388692         27743.00        66613.00        4738.00        
  icmp_id          36384           6               0               11716           6064.00         0.00            6064.00        
  dsize            115935392       23422           23422           116798          4949.00         4949.00         0.00           
  flow             151882908       24420           24406           26024904        6219.00         6218.00         7968.00        
  sameip           58070798        11728           0               121110          4951.00         0.00            4951.00        
  flowbits         2406936         452             9               33554           5325.00         4852.00         5334.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          70844968        8941            6592            93576           7923.00         8186.00         7186.00        
  pcre             2614989610      185362          5816            22946400        14107.00        5835.00         14375.00       
  byte_test        282030680       56615           52136           283110          4981.00         4958.00         5246.00        
  byte_jump        123326          9               0               74278           13702.00        0.00            13702.00       
  isdataat         68108           14              10              6244            4864.00         4869.00         4853.00        
  byte_extract     30711998        5830            5823            50240           5267.00         5268.00         4439.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         31238310        5811            5811            53338           5375.00         5375.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        62932           3               2               40386           20977.00        27881.00        7170.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          34976446        6349            419             56984           5508.00         6426.00         5444.00        
  pcre             2524956         205             70              64798           12316.00        9637.00         13706.00       
  urilen           1503408         245             89              33042           6136.00         6636.00         5850.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24372148        4398            29              218286          5541.00         8589.00         5521.00        
  pcre             257494          23              0               38396           11195.00        0.00            11195.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          36648           7               0               5946            5235.00         0.00            5235.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          37468818        6434            398             89936           5823.00         7011.00         5745.00        
  pcre             1035160         91              10              37726           11375.00        15284.00        10892.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          467908          67              31              22764           6983.00         6860.00         7090.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          114496          18              18              11702           6360.00         6360.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          44076           7               7               10686           6296.00         6296.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1168100         210             187             11650           5562.00         5538.00         5757.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          609004          97              50              17134           6278.00         6726.00         5801.00        
  pcre             220336          21              0               23672           10492.00        0.00            10492.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             44336           4               4               14960           11084.00        11084.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------

This file has been truncated.


IDSDeathBlossom.py.log - (1219 bytes)
2019-07-25 06:22:11,049 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-25 06:22:11,825 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-25 06:22:11,825 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etproenall-all
2019-07-25 06:22:11,825 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-25 06:22:11,829 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-25 06:22:11,829 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etproenall/suricata400-etproenall-all.yaml -l /var/www/html/89ebc2073ed212740b94b40530e584c151cf25896b6b2454fe89507ba3b24642 -r /var/pcap/07252019.0622-a99afbf77d191687ed261a7a5784034fb7903ecc220426c18bc573fb6f1dd098.pcap -vvv -k none
2019-07-25 06:22:45,542 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-25 06:22:45,543 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 34.5090420246