Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 6 29 4180602 94738124 70862160 2.1b 25.61
IPv4 17 22 11073168 72507706 34761972 764.8m 9.53
IPv6 17 46 10456600 102955094 87738346 4.0b 50.29
IPv6 58 13 83376000 100124978 89932339 1.2b 14.57
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 6 29 136190 10394904 962530 27.9m 31.33
TMM_FLOWWORKER IPv4 17 22 238766 16172038 1972389 43.4m 48.71
TMM_RECEIVEPCAPFILE IPv4 6 28 5166 33806 6746 188.9k 0.21
TMM_RECEIVEPCAPFILE IPv4 17 22 5194 6324 5659 124.5k 0.14
TMM_DECODEPCAPFILE IPv4 6 28 5292 57814 8268 231.5k 0.26
TMM_DECODEPCAPFILE IPv4 17 22 5310 8012 5640 124.1k 0.14
TMM_FLOWWORKER IPv6 17 46 217912 977826 309267 14.2m 15.97
TMM_FLOWWORKER IPv6 58 13 133854 288484 162289 2.1m 2.37
TMM_RECEIVEPCAPFILE IPv6 17 46 5178 56930 6881 316.6k 0.36
TMM_RECEIVEPCAPFILE IPv6 58 13 5170 7328 5641 73.3k 0.08
TMM_DECODEPCAPFILE IPv6 17 46 5336 49250 6499 299.0k 0.34
TMM_DECODEPCAPFILE IPv6 58 13 5354 17312 6717 87.3k 0.10
Flow Worker IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
flow IPv4 6 28 5656 9340 6665 186.6k 0.27
flow IPv4 17 22 5660 14764 7984 175.7k 0.26
stream IPv4 6 29 6816 730900 93876 2.7m 3.98
app-layer IPv4 17 22 5128 89746 13529 297.6k 0.44
detect IPv4 6 29 90294 9357712 778305 22.6m 33.03
detect IPv4 17 22 206074 10949784 1236151 27.2m 39.80
tcp-prune IPv4 6 29 5170 12844 6439 186.7k 0.27
flow IPv6 17 46 5522 50650 8157 375.2k 0.55
flow IPv6 58 13 5586 31048 8129 105.7k 0.15
app-layer IPv6 17 46 5128 64318 12893 593.1k 0.87
detect IPv6 17 46 185100 816760 263930 12.1m 17.77
detect IPv6 58 13 111586 240330 137364 1.8m 2.61
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
http IPv4 6 3 15250 51056 29460 88.4k 11.79
dns IPv4 17 2 13926 33464 23695 47.4k 6.32
http IPv6 17 16 22074 51056 38376 614.0k 81.89
Proto detect IPv4 17 7 5300 38266 16514 115.6k
Proto detect IPv6 17 19 5474 50694 10238 194.5k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
LOGGER_JSON_DNS IPv4 17 2 100948 15051700 7576324 15.2m 94.35
LOGGER_JSON_HTTP IPv4 6 2 165594 230732 198163 396.3k 2.47
LOGGER_JSON_FILE IPv4 6 2 241180 270262 255721 511.4k 3.18
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 6 15 5724 806536 158154 2.4m 27.94
payload IPv4 17 22 5768 330118 45380 998.4k 11.76
stream IPv4 6 15 5160 414500 72505 1.1m 12.81
http_uri IPv4 6 2 118612 738422 428517 857.0k 10.09
http_request_line IPv4 6 2 14164 45378 29771 59.5k 0.70
http_client_body IPv4 6 2 8624 21580 15102 30.2k 0.36
http_header (request) IPv4 6 2 45604 537564 291584 583.2k 6.87
http_header (request trailer) IPv4 6 2 5336 5664 5500 11.0k 0.13
http_header_names (request) IPv4 6 2 18688 109908 64298 128.6k 1.51
http_accept (request) IPv4 6 2 7088 21118 14103 28.2k 0.33
http_referer (request) IPv4 6 2 5852 6128 5990 12.0k 0.14
http_content_len (request) IPv4 6 2 6430 12652 9541 19.1k 0.22
http_content_type (request) IPv4 6 2 6852 6916 6884 13.8k 0.16
http_protocol (request) IPv4 6 2 9314 10002 9658 19.3k 0.23
http_start (request) IPv4 6 2 19108 56760 37934 75.9k 0.89
http_raw_header (request) IPv4 6 2 23886 43752 33819 67.6k 0.80
http_method IPv4 6 2 14304 432706 223505 447.0k 5.26
http_cookie (request) IPv4 6 2 6180 26500 16340 32.7k 0.38
http_raw_uri IPv4 6 2 10804 13988 12396 24.8k 0.29
http_user_agent IPv4 6 2 5842 6158 6000 12.0k 0.14
http_host IPv4 6 2 14712 57270 35991 72.0k 0.85
dns_query IPv4 17 1 61382 61382 61382 61.4k 0.72
http_response_line IPv4 6 2 16946 18702 17824 35.6k 0.42
http_header (response) IPv4 6 2 81442 97790 89616 179.2k 2.11
http_header (response trailer) IPv4 6 2 5254 5626 5440 10.9k 0.13
http_content_type (response) IPv4 6 2 21056 21942 21499 43.0k 0.51
http_raw_header (response) IPv4 6 3 13512 19014 16912 50.7k 0.60
http_cookie (response) IPv4 6 2 5748 7130 6439 12.9k 0.15
http_stat_code IPv4 6 2 8094 9766 8930 17.9k 0.21
file_data (http response) IPv4 6 1 7404 7404 7404 7.4k 0.09
Total IPv4 105 70201 7.4m
payload IPv6 17 46 5798 209020 19188 882.7k 10.39
payload IPv6 58 13 5700 106734 18316 238.1k 2.80
Total IPv6 59 18996 1.1m
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_IPONLY IPv4 6 4 27842 156452 100588 402.4k 0.60
PROF_DETECT_IPONLY IPv4 17 7 50202 178968 92680 648.8k 0.97
PROF_DETECT_RULES IPv4 6 29 5184 6814958 383993 11.1m 16.60
PROF_DETECT_RULES IPv4 17 22 89558 10812988 698572 15.4m 22.91
PROF_DETECT_STATEFUL_START IPv4 6 9 10434 3888632 581642 5.2m 7.80
PROF_DETECT_STATEFUL_CONT IPv4 6 29 5112 34622 11903 345.2k 0.51
PROF_DETECT_STATEFUL_CONT IPv4 17 22 5114 70806 9692 213.2k 0.32
PROF_DETECT_STATEFUL_UPDATE IPv4 6 21 5176 31572 6710 140.9k 0.21
PROF_DETECT_STATEFUL_UPDATE IPv4 17 2 6322 6384 6353 12.7k 0.02
PROF_DETECT_PREFILTER IPv4 6 29 16332 2434248 275370 8.0m 11.90
PROF_DETECT_PREFILTER IPv4 17 22 47488 379158 94888 2.1m 3.11
PROF_DETECT_PF_PAYLOAD IPv4 6 15 36244 827256 247053 3.7m 5.52
PROF_DETECT_PF_PAYLOAD IPv4 17 22 16024 341868 56201 1.2m 1.84
PROF_DETECT_PF_TX IPv4 6 21 5280 2263356 159200 3.3m 4.98
PROF_DETECT_PF_TX IPv4 17 1 72884 72884 72884 72.9k 0.11
PROF_DETECT_PF_SORT1 IPv4 6 10 5234 23472 7845 78.5k 0.12
PROF_DETECT_PF_SORT1 IPv4 17 22 5172 8640 6493 142.9k 0.21
PROF_DETECT_PF_SORT2 IPv4 6 29 5128 14212 6238 180.9k 0.27
PROF_DETECT_PF_SORT2 IPv4 17 22 5152 7586 5759 126.7k 0.19
PROF_DETECT_NONMPMLIST IPv4 6 29 5192 8514 6122 177.5k 0.26
PROF_DETECT_NONMPMLIST IPv4 17 22 5134 69192 9956 219.0k 0.33
PROF_DETECT_ALERT IPv4 6 29 5140 7498 5516 160.0k 0.24
PROF_DETECT_ALERT IPv4 17 22 5150 7198 5539 121.9k 0.18
PROF_DETECT_CLEANUP IPv4 6 29 5292 27752 6696 194.2k 0.29
PROF_DETECT_CLEANUP IPv4 17 22 5124 24446 6712 147.7k 0.22
PROF_DETECT_GETSGH IPv4 6 29 5140 13112 6450 187.1k 0.28
PROF_DETECT_GETSGH IPv4 17 22 5528 33652 8545 188.0k 0.28
PROF_DETECT_IPONLY IPv6 17 19 5638 122754 13286 252.4k 0.38
PROF_DETECT_IPONLY IPv6 58 2 6062 14952 10507 21.0k 0.03
PROF_DETECT_RULES IPv6 17 46 67754 299608 104458 4.8m 7.16
PROF_DETECT_RULES IPv6 58 13 5164 17792 6327 82.3k 0.12
PROF_DETECT_STATEFUL_CONT IPv6 17 46 5120 6430 5605 257.9k 0.38
PROF_DETECT_STATEFUL_CONT IPv6 58 13 5382 5832 5531 71.9k 0.11
PROF_DETECT_PREFILTER IPv6 17 46 48092 303916 65848 3.0m 4.52
PROF_DETECT_PREFILTER IPv6 58 13 37336 138498 51967 675.6k 1.01
PROF_DETECT_PF_PAYLOAD IPv6 17 46 16048 219820 30131 1.4m 2.07
PROF_DETECT_PF_PAYLOAD IPv6 58 13 16080 117014 28814 374.6k 0.56
PROF_DETECT_PF_SORT1 IPv6 17 46 5200 32090 6641 305.5k 0.46
PROF_DETECT_PF_SORT2 IPv6 17 46 5158 9790 5510 253.5k 0.38
PROF_DETECT_PF_SORT2 IPv6 58 13 5122 5584 5267 68.5k 0.10
PROF_DETECT_NONMPMLIST IPv6 17 46 5126 16264 5926 272.6k 0.41
PROF_DETECT_NONMPMLIST IPv6 58 13 5122 5588 5422 70.5k 0.11
PROF_DETECT_ALERT IPv6 17 46 5134 18812 5576 256.5k 0.38
PROF_DETECT_ALERT IPv6 58 13 5142 5516 5205 67.7k 0.10
PROF_DETECT_CLEANUP IPv6 17 46 5118 24268 6332 291.3k 0.43
PROF_DETECT_CLEANUP IPv6 58 13 5132 6916 5389 70.1k 0.10
PROF_DETECT_GETSGH IPv6 17 46 5344 87732 11062 508.9k 0.76

--------------------------------------------------------------------------
Date: 1/5/2021 -- 21:35:07. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2815181 1 3 706030 4.85 1 0 706030 706030.00 0.00 706030.00
2 2016706 1 20 570772 3.92 1 0 570772 570772.00 0.00 570772.00
3 2020963 1 2 505456 3.47 1 0 505456 505456.00 0.00 505456.00
4 2805348 1 4 610756 4.19 5 0 201322 122151.20 0.00 122151.20
5 2016537 1 2 458230 3.15 7 2 185956 65461.43 151415.00 31080.00
6 2821615 1 2 273780 1.88 2 0 152398 136890.00 0.00 136890.00
7 2815568 1 2 141146 0.97 1 0 141146 141146.00 0.00 141146.00
8 2815156 1 2 125216 0.86 1 0 125216 125216.00 0.00 125216.00
9 2010140 1 7 616406 4.23 67 0 119696 9200.09 0.00 9200.09
10 2815220 1 2 113364 0.78 1 0 113364 113364.00 0.00 113364.00
11 2816530 1 2 206086 1.42 2 0 111270 103043.00 0.00 103043.00
12 2815481 1 6 108624 0.75 1 0 108624 108624.00 0.00 108624.00
13 2807793 1 4 99284 0.68 1 0 99284 99284.00 0.00 99284.00
14 2816165 1 5 175292 1.20 2 0 99198 87646.00 0.00 87646.00
15 2810353 1 5 167874 1.15 2 0 97138 83937.00 0.00 83937.00
16 2811905 1 3 93726 0.64 1 0 93726 93726.00 0.00 93726.00
17 2815754 1 2 93066 0.64 1 0 93066 93066.00 0.00 93066.00
18 2015877 1 6 91044 0.63 1 0 91044 91044.00 0.00 91044.00
19 2826256 1 2 176636 1.21 2 0 88780 88318.00 0.00 88318.00
20 2816895 1 2 176166 1.21 2 0 88162 88083.00 0.00 88083.00
21 2830035 1 2 151686 1.04 2 0 86374 75843.00 0.00 75843.00
22 2830124 1 1 171436 1.18 2 0 85840 85718.00 0.00 85718.00
23 2821569 1 7 81644 0.56 1 0 81644 81644.00 0.00 81644.00
24 2019094 1 5 80578 0.55 1 0 80578 80578.00 0.00 80578.00
25 2022770 1 2 80338 0.55 1 0 80338 80338.00 0.00 80338.00
26 2823858 1 3 78872 0.54 1 0 78872 78872.00 0.00 78872.00
27 2017456 1 3 76796 0.53 1 0 76796 76796.00 0.00 76796.00
28 2021399 1 3 76150 0.52 1 0 76150 76150.00 0.00 76150.00
29 2819887 1 2 129548 0.89 2 0 75212 64774.00 0.00 64774.00
30 2017119 1 4 74008 0.51 1 0 74008 74008.00 0.00 74008.00
31 2020181 1 8 73912 0.51 1 0 73912 73912.00 0.00 73912.00
32 2807970 1 8 73462 0.50 1 0 73462 73462.00 0.00 73462.00
33 2809363 1 3 72322 0.50 1 0 72322 72322.00 0.00 72322.00
34 2025162 1 2 130384 0.90 2 0 72312 65192.00 0.00 65192.00
35 2829607 1 1 128038 0.88 2 0 71406 64019.00 0.00 64019.00
36 2024771 1 1 127328 0.87 2 0 70520 63664.00 0.00 63664.00
37 2014442 1 6 70400 0.48 1 0 70400 70400.00 0.00 70400.00
38 2023083 1 2 137264 0.94 2 0 69472 68632.00 0.00 68632.00
39 2816395 1 3 98914 0.68 2 0 67738 49457.00 0.00 49457.00
40 2021718 1 4 67162 0.46 1 0 67162 67162.00 0.00 67162.00
41 2017076 1 9 66938 0.46 1 0 66938 66938.00 0.00 66938.00
42 2811826 1 7 66660 0.46 1 0 66660 66660.00 0.00 66660.00
43 2017713 1 7 66330 0.46 1 0 66330 66330.00 0.00 66330.00
44 2021413 1 2 66320 0.46 1 0 66320 66320.00 0.00 66320.00
45 2008782 1 5 107956 0.74 2 0 63114 53978.00 0.00 53978.00
46 2821471 1 2 62896 0.43 1 0 62896 62896.00 0.00 62896.00
47 2020964 1 2 62260 0.43 1 0 62260 62260.00 0.00 62260.00
48 2022901 1 2 61640 0.42 1 0 61640 61640.00 0.00 61640.00
49 2816330 1 2 115268 0.79 2 0 60850 57634.00 0.00 57634.00
50 2008377 1 5 60414 0.41 1 0 60414 60414.00 0.00 60414.00
51 2021418 1 9 59510 0.41 1 0 59510 59510.00 0.00 59510.00
52 2017556 1 3 59446 0.41 1 0 59446 59446.00 0.00 59446.00
53 2809267 1 8 112518 0.77 2 0 58954 56259.00 0.00 56259.00
54 2019230 1 2 63696 0.44 2 0 57550 31848.00 0.00 31848.00
55 2815182 1 3 56458 0.39 1 0 56458 56458.00 0.00 56458.00
56 2829644 1 1 108472 0.75 2 0 55800 54236.00 0.00 54236.00
57 2812433 1 2 55444 0.38 1 0 55444 55444.00 0.00 55444.00
58 2020962 1 3 54662 0.38 1 0 54662 54662.00 0.00 54662.00
59 2815886 1 2 103098 0.71 2 0 54526 51549.00 0.00 51549.00
60 2017261 1 3 54366 0.37 1 0 54366 54366.00 0.00 54366.00
61 2815180 1 3 54194 0.37 1 0 54194 54194.00 0.00 54194.00
62 2811280 1 7 53916 0.37 1 0 53916 53916.00 0.00 53916.00
63 2017948 1 2 53602 0.37 1 0 53602 53602.00 0.00 53602.00
64 2014967 1 3 52812 0.36 1 0 52812 52812.00 0.00 52812.00
65 2017454 1 12 52784 0.36 1 0 52784 52784.00 0.00 52784.00
66 2015889 1 9 52312 0.36 1 0 52312 52312.00 0.00 52312.00
67 2017552 1 6 225738 1.55 7 0 46080 32248.29 0.00 32248.29
68 2809511 1 4 44612 0.31 1 0 44612 44612.00 0.00 44612.00
69 2012707 1 5 86730 0.60 2 0 44416 43365.00 0.00 43365.00
70 2014701 1 12 49634 0.34 2 0 43724 24817.00 0.00 24817.00
71 2017036 1 3 43596 0.30 1 0 43596 43596.00 0.00 43596.00
72 2016809 1 5 42648 0.29 1 0 42648 42648.00 0.00 42648.00
73 2813027 1 3 42596 0.29 1 0 42596 42596.00 0.00 42596.00
74 2807682 1 2 41832 0.29 1 0 41832 41832.00 0.00 41832.00
75 2024606 1 2 41766 0.29 1 0 41766 41766.00 0.00 41766.00
76 2822633 1 3 41712 0.29 1 0 41712 41712.00 0.00 41712.00
77 2009702 1 5 47954 0.33 2 0 41090 23977.00 0.00 23977.00
78 2016073 1 7 41080 0.28 1 0 41080 41080.00 0.00 41080.00
79 2815139 1 3 73030 0.50 2 0 41030 36515.00 0.00 36515.00
80 2019378 1 12 40418 0.28 1 0 40418 40418.00 0.00 40418.00
81 2816899 1 2 39566 0.27 1 0 39566 39566.00 0.00 39566.00
82 2023626 1 3 221260 1.52 32 0 34434 6914.38 0.00 6914.38
83 2022543 1 1 33974 0.23 1 0 33974 33974.00 0.00 33974.00
84 2815823 1 2 63074 0.43 2 0 33460 31537.00 0.00 31537.00
85 2803760 1 3 32428 0.22 1 0 32428 32428.00 0.00 32428.00
86 2826281 1 2 31496 0.22 1 0 31496 31496.00 0.00 31496.00
87 2811544 1 1 37642 0.26 2 0 31206 18821.00 0.00 18821.00
88 2019016 1 3 99064 0.68 10 0 30638 9906.40 0.00 9906.40
89 2013739 1 15 415478 2.85 66 0 30326 6295.12 0.00 6295.12
90 2820710 1 2 60130 0.41 2 0 30316 30065.00 0.00 30065.00
91 2815872 1 2 60144 0.41 2 0 30250 30072.00 0.00 30072.00
92 2821022 1 4 59194 0.41 2 0 29876 29597.00 0.00 29597.00
93 2816896 1 2 58766 0.40 2 0 29640 29383.00 0.00 29383.00
94 2014703 1 9 36892 0.25 2 0 29612 18446.00 0.00 18446.00
95 2811577 1 2 36400 0.25 2 0 29482 18200.00 0.00 18200.00
96 2815824 1 2 57492 0.39 2 0 29444 28746.00 0.00 28746.00
97 2816095 1 7 58746 0.40 2 0 29444 29373.00 0.00 29373.00
98 2014702 1 9 34986 0.24 2 0 29032 17493.00 0.00 17493.00
99 2828748 1 2 44034 0.30 4 0 26938 11008.50 0.00 11008.50
100 2021584 1 4 26890 0.18 1 0 26890 26890.00 0.00 26890.00
101 2023623 1 3 106582 0.73 16 0 25112 6661.38 0.00 6661.38
102 2019019 1 3 23448 0.16 1 0 23448 23448.00 0.00 23448.00
103 2008116 1 4 82432 0.57 11 0 22388 7493.82 0.00 7493.82
104 2801347 1 5 78726 0.54 13 0 13936 6055.85 0.00 6055.85
105 2008120 1 4 379920 2.61 68 0 13472 5587.06 0.00 5587.06
106 2008420 1 4 29792 0.20 4 0 8648 7448.00 0.00 7448.00
107 2802205 1 3 64960 0.45 11 0 8634 5905.45 0.00 5905.45
108 2010142 1 4 358356 2.46 67 0 8396 5348.60 0.00 5348.60
109 2023627 1 3 127530 0.88 22 0 8252 5796.82 0.00 5796.82
110 2014704 1 7 16068 0.11 2 0 8132 8034.00 0.00 8034.00
111 2828876 1 1 26760 0.18 4 0 7958 6690.00 0.00 6690.00
112 2802822 1 1 57164 0.39 10 0 7878 5716.40 0.00 5716.40
113 2025401 1 2 35216 0.24 6 0 7664 5869.33 0.00 5869.33
114 2102523 1 8 13710 0.09 2 0 7492 6855.00 0.00 6855.00
115 2010143 1 3 367374 2.52 67 0 7478 5483.19 0.00 5483.19
116 2100540 1 12 27334 0.19 4 0 7436 6833.50 0.00 6833.50
117 2823788 1 4 7118 0.05 1 0 7118 7118.00 0.00 7118.00
118 2023624 1 3 160534 1.10 29 0 7036 5535.66 0.00 5535.66
119 2816382 1 1 13486 0.09 2 0 7004 6743.00 0.00 6743.00
120 2023622 1 3 245364 1.69 45 0 6924 5452.53 0.00 5452.53
121 2019017 1 3 41544 0.29 7 0 6894 5934.86 0.00 5934.86
122 2019010 1 3 41866 0.29 7 0 6844 5980.86 0.00 5980.86
123 2810793 1 5 12052 0.08 2 0 6838 6026.00 0.00 6026.00
124 2828877 1 1 23682 0.16 4 0 6812 5920.50 0.00 5920.50
125 2008118 1 3 23

------------------------------------------------------------------------------------
Date: 1/5/2021 -- 21:35:07 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 299
decoder.bytes | Total | 27715
decoder.ipv4 | Total | 50
decoder.ipv6 | Total | 59
decoder.ethernet | Total | 299
decoder.tcp | Total | 28
decoder.udp | Total | 68
decoder.icmpv6 | Total | 13
decoder.avg_pkt_size | Total | 92
decoder.max_pkt_size | Total | 1260
flow.tcp | Total | 2
flow.udp | Total | 25
flow.icmpv6 | Total | 2
tcp.sessions | Total | 2
tcp.syn | Total | 2
tcp.synack | Total | 2
tcp.rst | Total | 1
detect.mpm_list | Total | 6
detect.nonmpm_list | Total | 1
detect.match_list | Total | 7
app_layer.flow.http | Total | 2
app_layer.tx.http | Total | 2
app_layer.flow.dns_udp | Total | 1
app_layer.tx.dns_udp | Total | 1
app_layer.flow.failed_udp | Total | 24
flow.spare | Total | 9993
flow_mgr.flows_checked | Total | 3
flow_mgr.flows_notimeout | Total | 3
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_empty | Total | 65533
flow_mgr.rows_maxlen | Total | 1
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7075168

lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8e58d46d8214c253807f44673406389256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap -vvv -k none
elapsedtime:25.892369
stderr:
stdout:
5/1/2021 -- 21:34:41 - <Info> - Configuration node 'rule-files' redefined.
5/1/2021 -- 21:34:41 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/1/2021 -- 21:34:41 - <Info> - CPUs/cores online: 1
5/1/2021 -- 21:34:41 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34122 and 'request-body-inspect-window' set to 16255 after randomization.
5/1/2021 -- 21:34:41 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31361 and 'response-body-inspect-window' set to 16992 after randomization.
5/1/2021 -- 21:34:41 - <Config> - DNS request flood protection level: 500
5/1/2021 -- 21:34:41 - <Config> - DNS per flow memcap (state-memcap): 524288
5/1/2021 -- 21:34:41 - <Config> - DNS global memcap: 16777216
5/1/2021 -- 21:34:41 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/1/2021 -- 21:34:41 - <Config> - preallocated 1000 hosts of size 136
5/1/2021 -- 21:34:41 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/1/2021 -- 21:34:41 - <Config> - using magic-file /usr/share/file/magic
5/1/2021 -- 21:34:41 - <Config> - Core dump size is unlimited.
5/1/2021 -- 21:34:41 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/1/2021 -- 21:34:41 - <Config> - preallocated 1000 defrag trackers of size 168
5/1/2021 -- 21:34:41 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/1/2021 -- 21:34:41 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/1/2021 -- 21:34:41 - <Config> - stream "memcap": 33554432
5/1/2021 -- 21:34:41 - <Config> - stream "midstream" session pickups: disabled
5/1/2021 -- 21:34:41 - <Config> - stream "async-oneside": disabled
5/1/2021 -- 21:34:41 - <Config> - stream "checksum-validation": disabled
5/1/2021 -- 21:34:41 - <Config> - stream."inline": disabled
5/1/2021 -- 21:34:41 - <Config> - stream "bypass": disabled
5/1/2021 -- 21:34:41 - <Config> - stream "max-synack-queued": 5
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly "memcap": 134217728
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly "depth": 0
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly "toserver-chunk-size": 2587
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly "toclient-chunk-size": 2543
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly.raw: enabled
5/1/2021 -- 21:34:41 - <Config> - stream.reassembly "segment-prealloc": 2048
5/1/2021 -- 21:34:41 - <Config> - Delayed detect disabled
5/1/2021 -- 21:34:41 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/1/2021 -- 21:34:41 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/1/2021 -- 21:34:41 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/1/2021 -- 21:34:41 - <Config> - prefilter engines: MPM
5/1/2021 -- 21:34:41 - <Config> - IP reputation disabled
5/1/2021 -- 21:34:41 - <Perf> - Registered 148 keyword profiling counters.
5/1/2021 -- 21:34:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/1/2021 -- 21:34:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/1/2021 -- 21:34:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/1/2021 -- 21:34:47 - <Config> - No rules loaded from ET-icmp.rules.
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/1/2021 -- 21:34:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/1/2021 -- 21:34:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/1/2021 -- 21:34:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/1/2021 -- 21:34:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/1/2021 -- 21:34:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/1/2021 -- 21:34:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/1/2021 -- 21:34:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/1/2021 -- 21:34:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/1/2021 -- 21:34:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/1/2021 -- 21:34:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/1/2021 -- 21:34:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/1/2021 -- 21:34:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/1/2021 -- 21:34:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/1/2021 -- 21:34:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/1/2021 -- 21:34:55 - <Config> - No rules loaded from local.rules.
5/1/2021 -- 21:34:55 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/1/2021 -- 21:34:55 - <Info> - Threshold config parsed: 0 rule(s) found
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tcp-packet
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tcp-stream
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for udp-packet
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for other-ip
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_uri
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_client_body
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_accept
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_accept_enc
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_accept_lang
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_referer
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_connection
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_method
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_raw_uri
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_user_agent
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_host
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_raw_host
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_stat_msg
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_stat_code
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for dns_query
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tls_sni
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:34:56 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:34:56 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/1/2021 -- 21:34:56 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/1/2021 -- 21:34:56 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/1/2021 -- 21:34:56 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/1/2021 -- 21:34:56 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/1/2021 -- 21:34:56 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/1/2021 -- 21:34:56 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/1/2021 -- 21:34:56 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/1/2021 -- 21:35:02 - <Perf> - Unique rule groups: 104
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/1/2021 -- 21:35:02 - <Perf> - Builtin MPM "other IP packet": 3
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_header": 10
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_header": 6
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_start": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_method": 5
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver http_host": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toserver file_data": 1
5/1/2021 -- 21:35:02 - <Perf> - AppLayer MPM "toclient file_data": 7
5/1/2021 -- 21:35:05 - <Perf> - Registered 39590 rule profiling counters.
5/1/2021 -- 21:35:05 - <Info> - fast output device (regular) initialized: alert
5/1/2021 -- 21:35:05 - <Info> - eve-log output device (regular) initialized: eve.json
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'alert'
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'http'
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'dns'
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'tls'
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'files'
5/1/2021 -- 21:35:05 - <Config> - enabling 'eve-log' module 'ssh'
5/1/2021 -- 21:35:05 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/1/2021 -- 21:35:05 - <Info> - stats output device (regular) initialized: stats.log
5/1/2021 -- 21:35:05 - <Config> - AutoFP mode using "Hash" flow load balancer
5/1/2021 -- 21:35:05 - <Info> - reading pcap file /var/pcap/01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap
5/1/2021 -- 21:35:05 - <Config> - using 1 flow manager threads
5/1/2021 -- 21:35:05 - <Config> - using 1 flow recycler threads
5/1/2021 -- 21:35:05 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin
{"timestamp":"2020-06-22T12:25:50.539872+0000","flow_id":333519835249888,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.100.155","src_port":49492,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11644,"rrname":"t.amynx.com","rrtype":"A","tx_id":0}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":333519835249888,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"66.42.43.37"}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":333519835249888,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"172.104.7.85"}}
{"timestamp":"2020-06-22T12:25:51.162593+0000","flow_id":82148284339235,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.100.155","src_port":49232,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:25:55.618784+0000","flow_id":795520877618341,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.100.155","src_port":49268,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:27:00.412258+0000","flow_id":795520877618341,"pcap_cnt":193,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49268,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5987},"app_proto":"http","fileinfo":{"filename":"\/mail.jsp","gaps":false,"state":"CLOSED","stored":false,"size":5987,"tx_id":0}}
{"timestamp":"2020-06-22T12:28:15.178070+0000","flow_id":82148284339235,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49232,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2482},"app_proto":"http","fileinfo":{"filename":"\/7p.php","gaps":false,"state":"CLOSED","stored":false,"size":2482,"tx_id":0}}
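The eve.json excerpt above is the interesting part of this run: a DNS query for t.amynx.com, two A answers, two HTTP GETs to one of the returned addresses, and two fileinfo records showing that both responses were application/octet-stream bodies that Suricata inspected but did not store. The following script is an added example (not part of the page, of IDSDeathBlossom, or of Suricata) that rebuilds that chain from the EVE records: it ties each HTTP request to the DNS answers seen before it, flags a Host header that does not belong to the names that resolved to the destination IP, and joins the unstored octet-stream bodies back to their request flow. The sample input is the seven records from the excerpt; the only assumptions are one JSON object per line and capture order.

```python
import json
from collections import defaultdict

# Constructed input: the seven EVE records from the eve.json excerpt above,
# one JSON object per line, in capture order (the only ordering assumption).
SAMPLE_EVE = r'''
{"timestamp":"2020-06-22T12:25:50.539872+0000","flow_id":333519835249888,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.100.155","src_port":49492,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11644,"rrname":"t.amynx.com","rrtype":"A","tx_id":0}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":333519835249888,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"66.42.43.37"}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":333519835249888,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"172.104.7.85"}}
{"timestamp":"2020-06-22T12:25:51.162593+0000","flow_id":82148284339235,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.100.155","src_port":49232,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:25:55.618784+0000","flow_id":795520877618341,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.100.155","src_port":49268,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:27:00.412258+0000","flow_id":795520877618341,"pcap_cnt":193,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49268,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5987},"app_proto":"http","fileinfo":{"filename":"\/mail.jsp","gaps":false,"state":"CLOSED","stored":false,"size":5987,"tx_id":0}}
{"timestamp":"2020-06-22T12:28:15.178070+0000","flow_id":82148284339235,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49232,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2482},"app_proto":"http","fileinfo":{"filename":"\/7p.php","gaps":false,"state":"CLOSED","stored":false,"size":2482,"tx_id":0}}
'''


def parse_eve(text):
    """Parse newline-delimited EVE JSON, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def pivot_dns_to_http(events):
    """Tie each HTTP request to the DNS answer(s) that produced its dest_ip.

    Events are walked in order and only answers seen *before* a request
    count, so a later lookup cannot explain an earlier connection.  Suricata
    emits one 'answer' record per RR, so a name with several A records (as
    above) yields several candidate IPs; only the one actually contacted
    produces a hit.
    """
    resolved = defaultdict(set)          # rdata IP -> names that resolved to it
    hits = []
    for ev in events:
        kind = ev.get("event_type")
        if kind == "dns":
            d = ev["dns"]
            if d.get("type") == "answer" and d.get("rrtype") in ("A", "AAAA") and "rdata" in d:
                resolved[d["rdata"]].add(d["rrname"])
        elif kind == "http" and ev.get("dest_ip") in resolved:
            h = ev.get("http", {})
            names = resolved[ev["dest_ip"]]
            hits.append({
                "flow_id": ev["flow_id"],
                "dest_ip": ev["dest_ip"],
                "hostname": h.get("hostname"),
                "url": h.get("url"),
                "resolved_names": sorted(names),
                # A Host header outside the names that resolved to this IP
                # deserves a second look (hard-coded IP, fronting, etc.).
                "host_matches_dns": h.get("hostname") in names,
            })
    return hits


def unstored_octet_streams(events):
    """fileinfo records for application/octet-stream bodies that were not
    written to disk (stored == false), keyed by flow_id so they can be joined
    back to the request.  Only the original pcap can recover these payloads."""
    out = {}
    for ev in events:
        if ev.get("event_type") != "fileinfo":
            continue
        fi = ev["fileinfo"]
        http = ev.get("http", {})
        if http.get("http_content_type") == "application/octet-stream" and not fi.get("stored", False):
            out[ev["flow_id"]] = {"filename": fi["filename"], "size": fi["size"],
                                  "state": fi["state"], "status": http.get("status")}
    return out


def summarize(text):
    """One row per DNS-correlated HTTP flow, with its unstored file (if any)."""
    events = parse_eve(text)
    files = unstored_octet_streams(events)
    return [{**hit, "file": files.get(hit["flow_id"])} for hit in pivot_dns_to_http(events)]


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVE):
        print(row)
```

Run it against a real eve.json by reading the file into summarize(). The 172.104.7.85 answer produces no row because nothing in the capture connected to it, which is exactly the information a pivot on raw DNS answers would lose.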
--------------------------------------------------------------------------------------------------------------------------------
Date: 1/5/2021 -- 21:35:07
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 822232 119 119 29858 6909.00 6909.00 0.00
content 1528168 194 139 50576 7877.00 7856.00 7929.00
pcre 1217392 33 0 499250 36890.00 0.00 36890.00
byte_test 192934 28 21 29392 6890.00 7282.00 5713.00
byte_jump 34224 5 5 11726 6844.00 6844.00 0.00
isdataat 5822 1 0 5822 5822.00 0.00 5822.00
flowbits 249742 24 6 74228 10405.00 17651.00 7990.00
urilen 890110 31 13 653146 28713.00 57791.00 7712.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 822232 119 119 29858 6909.00 6909.00 0.00
flowbits 167150 22 4 41878 7597.00 5828.00 7990.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 422936 50 35 48378 8458.00 8613.00 8097.00
pcre 176702 7 0 94720 25243.00 0.00 25243.00
byte_test 192934 28 21 29392 6890.00 7282.00 5713.00
byte_jump 34224 5 5 11726 6844.00 6844.00 0.00
isdataat 5822 1 0 5822 5822.00 0.00 5822.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 82592 2 2 74228 41296.00 41296.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 461520 60 37 28098 7692.00 7980.00 7228.00
pcre 997318 23 0 499250 43361.00 0.00 43361.00
urilen 890110 31 13 653146 28713.00 57791.00 7712.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 12938 2 0 6610 6469.00 0.00 6469.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 439984 52 44 50576 8461.00 7835.00 11905.00
pcre 43372 3 0 16764 14457.00 0.00 14457.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 129028 20 20 7288 6451.00 6451.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 61762 10 3 7550 6176.00 7176.00 5747.00
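The rule profiling table above is what you tune signatures from: a keyword with many checks, zero matches and a high Avg No Match is pure overhead, and a large Max Ticks shows a single check that stalled the worker. Here pcre on http_uri was evaluated 23 times, never matched, and cost about 43k ticks per check, while the slowest single check was urilen on http_uri at 653146 ticks. The parser below is an added example (not code from the page or from Suricata) that turns this fixed-width format into records and ranks them those two ways; the sample is an abridged copy of the sections above (total, packet/stream payload, http_uri). It assumes the layout shown: a "Stats for:" header per section and one row of keyword plus seven numbers per keyword.

```python
import re
from dataclasses import dataclass

# Constructed input: abridged copy of the profiling output above.  The
# "Date:" line, headers and dash rules are kept to show they are skipped.
SAMPLE_PROFILE = """\
----------------------------------------------------------------
Date: 1/5/2021 -- 21:35:07
----------------------------------------------------------------
Stats for: total
----------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- ---------------
flow 822232 119 119 29858 6909.00 6909.00 0.00
content 1528168 194 139 50576 7877.00 7856.00 7929.00
pcre 1217392 33 0 499250 36890.00 0.00 36890.00
byte_test 192934 28 21 29392 6890.00 7282.00 5713.00
byte_jump 34224 5 5 11726 6844.00 6844.00 0.00
isdataat 5822 1 0 5822 5822.00 0.00 5822.00
flowbits 249742 24 6 74228 10405.00 17651.00 7990.00
urilen 890110 31 13 653146 28713.00 57791.00 7712.00
----------------------------------------------------------------
Stats for: packet/stream payload
----------------------------------------------------------------
content 422936 50 35 48378 8458.00 8613.00 8097.00
pcre 176702 7 0 94720 25243.00 0.00 25243.00
byte_test 192934 28 21 29392 6890.00 7282.00 5713.00
byte_jump 34224 5 5 11726 6844.00 6844.00 0.00
isdataat 5822 1 0 5822 5822.00 0.00 5822.00
----------------------------------------------------------------
Stats for: http_uri
----------------------------------------------------------------
content 461520 60 37 28098 7692.00 7980.00 7228.00
pcre 997318 23 0 499250 43361.00 0.00 43361.00
urilen 890110 31 13 653146 28713.00 57791.00 7712.00
"""

# keyword, Ticks, Checks, Matches, Max Ticks, Avg, Avg Match, Avg No Match
ROW_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)$")


@dataclass
class KeywordStat:
    section: str        # "total", "packet/stream payload", "http_uri", ...
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float


def parse_keyword_profile(text):
    """Return one KeywordStat per data row, tagged with its 'Stats for:' section."""
    section, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Stats for:"):
            section = line.split(":", 1)[1].strip()
            continue
        m = ROW_RE.match(line)
        if m and section is not None:
            kw, t, c, mt, mx, a, am, an = m.groups()
            rows.append(KeywordStat(section, kw, int(t), int(c), int(mt), int(mx),
                                    float(a), float(am), float(an)))
    return rows


def never_matched(rows):
    """Per-buffer keywords that were checked but never matched, costliest first.
    Every tick they consumed was overhead.  The 'total' section is skipped
    because it is the sum of the per-buffer sections."""
    return sorted((r for r in rows if r.section != "total" and r.checks and r.matches == 0),
                  key=lambda r: r.ticks, reverse=True)


def worst_single_check(rows):
    """The per-buffer keyword whose slowest single evaluation took longest."""
    return max((r for r in rows if r.section != "total"), key=lambda r: r.max_ticks)


def overhead_share(rows):
    """Fraction of all per-buffer ticks spent on keywords that never matched."""
    per_buf = [r for r in rows if r.section != "total"]
    total = sum(r.ticks for r in per_buf)
    wasted = sum(r.ticks for r in per_buf if r.matches == 0)
    return wasted / total if total else 0.0


if __name__ == "__main__":
    stats = parse_keyword_profile(SAMPLE_PROFILE)
    for r in never_matched(stats):
        print(f"{r.section:22} {r.keyword:10} checks={r.checks:3} ticks={r.ticks}")
    w = worst_single_check(stats)
    print(f"worst single check: {w.section} {w.keyword} max_ticks={w.max_ticks}")
    print(f"overhead share: {overhead_share(stats):.2%}")
```

A pcre that never matches yet runs on every candidate URI usually means the rule has no content anchor selective enough to keep it out of the pcre stage; the fix is on the rule side (a better fast_pattern or a content that must precede the regex), not in this script. Rule-level attribution needs the per-rule profiling output rather than this keyword summary.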
2021-01-05 21:34:40,605 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2021-01-05 21:34:41,457 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2021-01-05 21:34:41,457 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2021-01-05 21:34:41,458 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2021-01-05 21:34:41,458 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2021-01-05 21:34:41,458 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8e58d46d8214c253807f44673406389256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap -vvv -k none
2021-01-05 21:35:07,353 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2021-01-05 21:35:07,354 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.7576329708