Filename: 2fea38ea-c02e-48b4-be19-7b4159f04048.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.76390099525 seconds
Hash: 8e58d46d8214c253807f446734063892
Uploaded: 1609882386

Logfiles


packet_stats.log - (16382 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            29          6112256       68665752      49692755          1.4b   26.67
 IPv4      17            22          4642060       48087922      12926143        284.4m    5.26
 IPv6      17            46          4183936       76595116      61926075          2.8b   52.72
 IPv6      58            13         57216130       73942000      63757630        828.8m   15.34
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            29           137256       10802842       1035725         30.0m   41.54
TMM_FLOWWORKER              IPv4      17            22           228168       18666982       1179626         26.0m   35.89
TMM_RECEIVEPCAPFILE         IPv4       6            28             5162           6756          5500        154.0k    0.21
TMM_RECEIVEPCAPFILE         IPv4      17            22             5176           6598          5553        122.2k    0.17
TMM_DECODEPCAPFILE          IPv4       6            28             5302          19104          5997        167.9k    0.23
TMM_DECODEPCAPFILE          IPv4      17            22             5306           6802          5520        121.4k    0.17
TMM_FLOWWORKER              IPv6      17            46           205936         573424        279553         12.9m   17.79
TMM_FLOWWORKER              IPv6      58            13           132872         240008        162598          2.1m    2.92
TMM_RECEIVEPCAPFILE         IPv6      17            46             5156          52734          6704        308.4k    0.43
TMM_RECEIVEPCAPFILE         IPv6      58            13             5152           5756          5462         71.0k    0.10
TMM_DECODEPCAPFILE          IPv6      17            46             5316          45664          6595        303.4k    0.42
TMM_DECODEPCAPFILE          IPv6      58            13             5358          22236          6924         90.0k    0.12

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            28             5750         431578         21909        613.5k  1.24  
flow                    IPv4      17            22             5488          16832          8761        192.8k  0.39  
stream                  IPv4       6            29             7260         545282         64954          1.9m  3.80  
app-layer               IPv4      17            22             5158          73632         11945        262.8k  0.53  
detect                  IPv4       6            29            90856       10727678        890544         25.8m  52.16 
detect                  IPv4      17            22           195982         712754        313738          6.9m  13.94 
tcp-prune               IPv4       6            29             5206          12102          6377        184.9k  0.37  
flow                    IPv6      17            46             5482          40026          8635        397.2k  0.80  
flow                    IPv6      58            13             5516           9194          6498         84.5k  0.17  
app-layer               IPv6      17            46             5178          61900         11917        548.2k  1.11  
detect                  IPv6      17            46           173744         436046        235029         10.8m  21.84 
detect                  IPv6      58            13           110646         213042        138867          1.8m  3.65  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3            13018          46130         27019         81.1k  11.61 
dns                     IPv4      17             2            12520          36284         24402         48.8k  6.99  
http                    IPv6      17            16            21910          46130         35533        568.5k  81.41 
Proto detect            IPv4      17             7             5552          21206         10322         72.3k
Proto detect            IPv6      17            19             5814          49008          8844        168.0k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2            93954       17944290       9019122         18.0m  96.61 
LOGGER_JSON_HTTP            IPv4       6             2           116014         149286        132650        265.3k  1.42  
LOGGER_JSON_FILE            IPv4       6             2           162786         205516        184151        368.3k  1.97  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            15             5350         338536         66646       999.7k  19.84 
payload                           IPv4      17            22             5830         188800         26611       585.5k  11.62 
stream                            IPv4       6            15             5150         442346         79918         1.2m  23.79 
http_uri                          IPv4       6             2            22406          23112         22759        45.5k  0.90  
http_request_line                 IPv4       6             2             9674           9826          9750        19.5k  0.39  
http_client_body                  IPv4       6             2             6786          15626         11206        22.4k  0.44  
http_header (request)             IPv4       6             2            20332          29110         24721        49.4k  0.98  
http_header (request trailer)     IPv4       6             2             5440           6590          6015        12.0k  0.24  
http_header_names (request)       IPv4       6             2            19706          20728         20217        40.4k  0.80  
http_accept (request)             IPv4       6             2             7180           7740          7460        14.9k  0.30  
http_referer (request)            IPv4       6             2             5904           9180          7542        15.1k  0.30  
http_content_len (request)        IPv4       6             2             6028           6504          6266        12.5k  0.25  
http_content_type (request)       IPv4       6             2             5878           6142          6010        12.0k  0.24  
http_start (request)              IPv4       6             2            13570         449680        231625       463.2k  9.19  
http_raw_header (request)         IPv4       6             2            13304          44644         28974        57.9k  1.15  
http_method                       IPv4       6             2             6788           8486          7637        15.3k  0.30  
http_cookie (request)             IPv4       6             2             6228           6274          6251        12.5k  0.25  
http_raw_uri                      IPv4       6             2             8282           9224          8753        17.5k  0.35  
http_user_agent                   IPv4       6             2             5638           5838          5738        11.5k  0.23  
http_host                         IPv4       6             2             9748          10444         10096        20.2k  0.40  
dns_query                         IPv4      17             1            12438          12438         12438        12.4k  0.25  
http_response_line                IPv4       6             2            14210          20262         17236        34.5k  0.68  
http_header (response)            IPv4       6             2            52120          59118         55619       111.2k  2.21  
http_header (response trailer)    IPv4       6             2             5214           5972          5593        11.2k  0.22  
http_content_type (response)      IPv4       6             2            11362          11608         11485        23.0k  0.46  
http_raw_header (response)        IPv4       6             3            10014          18312         15278        45.8k  0.91  
http_cookie (response)            IPv4       6             2             6508           6836          6672        13.3k  0.26  
http_stat_code                    IPv4       6             2             7030           7516          7273        14.5k  0.29  
file_data (http response)         IPv4       6             3             7430         186376        120737       362.2k  7.19  
Total                             IPv4                   105                                         40516         4.3m
payload                           IPv6      17            46             6010          94460         13578       624.6k  12.40 
payload                           IPv6      58            13             5690          52994         12253       159.3k  3.16  
Total                             IPv6                    59                                         13286       783.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            22710          83228         50901        203.6k  0.40  
PROF_DETECT_IPONLY          IPv4      17             7            26160         149946         56407        394.9k  0.77  
PROF_DETECT_RULES           IPv4       6            29             5164        2327966        234526          6.8m  13.27 
PROF_DETECT_RULES           IPv4      17            22            79004         297582        142571          3.1m  6.12  
PROF_DETECT_STATEFUL_START    IPv4       6            10            10558        2021926        333094          3.3m  6.50  
PROF_DETECT_STATEFUL_CONT    IPv4       6            29             5124          14680          7662        222.2k  0.43  
PROF_DETECT_STATEFUL_CONT    IPv4      17            22             5120          34616          7729        170.0k  0.33  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            21             5202          28856          7841        164.7k  0.32  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             6148           6370          6259         12.5k  0.02  
PROF_DETECT_PREFILTER       IPv4       6            29            16328       10634538        557192         16.2m  31.52 
PROF_DETECT_PREFILTER       IPv4      17            22            47656         235578         72768          1.6m  3.12  
PROF_DETECT_PF_PAYLOAD      IPv4       6            15            31038         910868        192358          2.9m  5.63  
PROF_DETECT_PF_PAYLOAD      IPv4      17            22            16322         199732         37340        821.5k  1.60  
PROF_DETECT_PF_TX           IPv4       6            21             5390         739576         92921          2.0m  3.81  
PROF_DETECT_PF_TX           IPv4      17             1            23964          23964         23964         24.0k  0.05  
PROF_DETECT_PF_SORT1        IPv4       6             7             5222          11616          6338         44.4k  0.09  
PROF_DETECT_PF_SORT1        IPv4      17            22             5238           9874          6238        137.3k  0.27  
PROF_DETECT_PF_SORT2        IPv4       6            29             5142          27728          6662        193.2k  0.38  
PROF_DETECT_PF_SORT2        IPv4      17            22             5172           7080          5751        126.5k  0.25  
PROF_DETECT_NONMPMLIST      IPv4       6            29             5168          26382          6462        187.4k  0.37  
PROF_DETECT_NONMPMLIST      IPv4      17            22             5138          15672          6340        139.5k  0.27  
PROF_DETECT_ALERT           IPv4       6            29             5168           9268          5738        166.4k  0.32  
PROF_DETECT_ALERT           IPv4      17            22             5138           6572          5397        118.7k  0.23  
PROF_DETECT_CLEANUP         IPv4       6            29             5278          14030          6432        186.6k  0.36  
PROF_DETECT_CLEANUP         IPv4      17            22             5118           9300          5648        124.3k  0.24  
PROF_DETECT_GETSGH          IPv4       6            29             5134          19210          6686        193.9k  0.38  
PROF_DETECT_GETSGH          IPv4      17            22             5170          13274          7520        165.5k  0.32  
PROF_DETECT_IPONLY          IPv6      17            19             5718          37338          8036        152.7k  0.30  
PROF_DETECT_IPONLY          IPv6      58             2             6636          15238         10937         21.9k  0.04  
PROF_DETECT_RULES           IPv6      17            46            47170         222732         86776          4.0m  7.79  
PROF_DETECT_RULES           IPv6      58            13             5160          17124          6604         85.9k  0.17  
PROF_DETECT_STATEFUL_CONT    IPv6      17            46             5118           6740          5457        251.1k  0.49  
PROF_DETECT_STATEFUL_CONT    IPv6      58            13             5120           5462          5379         69.9k  0.14  
PROF_DETECT_PREFILTER       IPv6      17            46            47604         142250         59455          2.7m  5.34  
PROF_DETECT_PREFILTER       IPv6      58            13            37104          92448         45907        596.8k  1.16  
PROF_DETECT_PF_PAYLOAD      IPv6      17            46            16278         104776         24596          1.1m  2.21  
PROF_DETECT_PF_PAYLOAD      IPv6      58            13            15956          65402         23193        301.5k  0.59  
PROF_DETECT_PF_SORT1        IPv6      17            46             5188          21312          6022        277.0k  0.54  
PROF_DETECT_PF_SORT2        IPv6      17            46             5148          24384          5729        263.6k  0.51  
PROF_DETECT_PF_SORT2        IPv6      58            13             5126           7328          5624         73.1k  0.14  
PROF_DETECT_NONMPMLIST      IPv6      17            46             5140          15216          5731        263.7k  0.51  
PROF_DETECT_NONMPMLIST      IPv6      58            13             5140           5918          5448         70.8k  0.14  
PROF_DETECT_ALERT           IPv6      17            46             5144          21372          5660        260.4k  0.51  
PROF_DETECT_ALERT           IPv6      58            13             5140           5438          5240         68.1k  0.13  
PROF_DETECT_CLEANUP         IPv6      17            46             5128           9716          5697        262.1k  0.51  
PROF_DETECT_CLEANUP         IPv6      58            13             5132           7538          5462         71.0k  0.14  
PROF_DETECT_GETSGH          IPv6      17            46             5132          66636         11181        514.4k  1.00  
PROF_DETECT_GETSGH          IPv6      58            13             5154          39454         10500        136.5k  0.27  


suricata-report-2021-01-05-T-21-33-16-01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap.txt - (17803 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/8e58d46d8214c253807f446734063892d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap -vvv -k none
elapsedtime:8.573911
stderr:
stdout:
5/1/2021 -- 21:33:07 - <Info> - Configuration node 'rule-files' redefined.
5/1/2021 -- 21:33:07 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/1/2021 -- 21:33:07 - <Info> - CPUs/cores online: 1
5/1/2021 -- 21:33:07 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31535 and 'request-body-inspect-window' set to 17122 after randomization.
5/1/2021 -- 21:33:07 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32427 and 'response-body-inspect-window' set to 15716 after randomization.
5/1/2021 -- 21:33:07 - <Config> - DNS request flood protection level: 500
5/1/2021 -- 21:33:07 - <Config> - DNS per flow memcap (state-memcap): 524288
5/1/2021 -- 21:33:07 - <Config> - DNS global memcap: 16777216
5/1/2021 -- 21:33:07 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/1/2021 -- 21:33:07 - <Config> - preallocated 1000 hosts of size 136
5/1/2021 -- 21:33:07 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/1/2021 -- 21:33:07 - <Config> - using magic-file /usr/share/file/magic
5/1/2021 -- 21:33:07 - <Config> - Core dump size is unlimited.
5/1/2021 -- 21:33:07 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/1/2021 -- 21:33:07 - <Config> - preallocated 1000 defrag trackers of size 168
5/1/2021 -- 21:33:07 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/1/2021 -- 21:33:07 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/1/2021 -- 21:33:07 - <Config> - stream "memcap": 33554432
5/1/2021 -- 21:33:07 - <Config> - stream "midstream" session pickups: disabled
5/1/2021 -- 21:33:07 - <Config> - stream "async-oneside": disabled
5/1/2021 -- 21:33:07 - <Config> - stream "checksum-validation": disabled
5/1/2021 -- 21:33:07 - <Config> - stream."inline": disabled
5/1/2021 -- 21:33:07 - <Config> - stream "bypass": disabled
5/1/2021 -- 21:33:07 - <Config> - stream "max-synack-queued": 5
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly "memcap": 134217728
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly "depth": 0
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly "toserver-chunk-size": 2589
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly "toclient-chunk-size": 2555
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly.raw: enabled
5/1/2021 -- 21:33:07 - <Config> - stream.reassembly "segment-prealloc": 2048
5/1/2021 -- 21:33:07 - <Config> - Delayed detect disabled
5/1/2021 -- 21:33:07 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/1/2021 -- 21:33:07 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/1/2021 -- 21:33:07 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/1/2021 -- 21:33:07 - <Config> - prefilter engines: MPM
5/1/2021 -- 21:33:07 - <Config> - IP reputation disabled
5/1/2021 -- 21:33:07 - <Perf> - Registered 148 keyword profiling counters.
5/1/2021 -- 21:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
5/1/2021 -- 21:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
5/1/2021 -- 21:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
5/1/2021 -- 21:33:09 - <Config> - No rules loaded from ET-emerging-icmp.rules.
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
5/1/2021 -- 21:33:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
5/1/2021 -- 21:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
5/1/2021 -- 21:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
5/1/2021 -- 21:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
5/1/2021 -- 21:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
5/1/2021 -- 21:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
5/1/2021 -- 21:33:13 - <Config> - No rules loaded from local.rules.
5/1/2021 -- 21:33:13 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
5/1/2021 -- 21:33:13 - <Info> - Threshold config parsed: 0 rule(s) found
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tcp-packet
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tcp-stream
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for udp-packet
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for other-ip
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_uri
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_client_body
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_header
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_header_names
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_accept
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_accept_enc
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_accept_lang
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_referer
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_connection
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_content_len
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_content_type
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_protocol
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_start
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_raw_header
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_method
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_cookie
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_raw_uri
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_user_agent
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_host
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_raw_host
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_stat_msg
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_stat_code
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for dns_query
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tls_sni
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for dce_stub_data
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for ssh_protocol
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for ssh_software
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for file_data
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_request_line
5/1/2021 -- 21:33:13 - <Perf> - using shared mpm ctx' for http_response_line
5/1/2021 -- 21:33:13 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
5/1/2021 -- 21:33:13 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/1/2021 -- 21:33:13 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
5/1/2021 -- 21:33:13 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
5/1/2021 -- 21:33:13 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
5/1/2021 -- 21:33:13 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
5/1/2021 -- 21:33:13 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
5/1/2021 -- 21:33:13 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/1/2021 -- 21:33:14 - <Perf> - Unique rule groups: 111
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toserver TCP packet": 31
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toclient TCP packet": 20
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toserver TCP stream": 31
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toclient TCP stream": 21
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toserver UDP packet": 33
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "toclient UDP packet": 15
5/1/2021 -- 21:33:14 - <Perf> - Builtin MPM "other IP packet": 2
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_uri": 8
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_header": 6
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_header": 3
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_header_names": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_start": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_method": 3
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver http_host": 2
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver tls_sni": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toserver file_data": 1
5/1/2021 -- 21:33:14 - <Perf> - AppLayer MPM "toclient file_data": 5
5/1/2021 -- 21:33:15 - <Perf> - Registered 18241 rule profiling counters.
5/1/2021 -- 21:33:15 - <Info> - fast output device (regular) initialized: alert
5/1/2021 -- 21:33:15 - <Info> - eve-log output device (regular) initialized: eve.json
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'alert'
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'http'
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'dns'
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'tls'
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'files'
5/1/2021 -- 21:33:15 - <Config> - enabling 'eve-log' module 'ssh'
5/1/2021 -- 21:33:15 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/1/2021 -- 21:33:15 - <Info> - stats output device (regular) initialized: stats.log
5/1/2021 -- 21:33:15 - <Config> - AutoFP mode using "Hash" flow load balancer
5/1/2021 -- 21:33:15 - <Info> - reading


stats.log - (2983 bytes)
------------------------------------------------------------------------------------
Date: 1/5/2021 -- 21:33:16 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 299
decoder.bytes                              | Total                     | 27715
decoder.ipv4                               | Total                     | 50
decoder.ipv6                               | Total                     | 59
decoder.ethernet                           | Total                     | 299
decoder.tcp                                | Total                     | 28
decoder.udp                                | Total                     | 68
decoder.icmpv6                             | Total                     | 13
decoder.avg_pkt_size                       | Total                     | 92
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 25
flow.icmpv6                                | Total                     | 2
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 5
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 24
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077472


eve.json - (2670 bytes)
{"timestamp":"2020-06-22T12:25:50.539872+0000","flow_id":565241910803680,"pcap_cnt":33,"event_type":"dns","src_ip":"192.168.100.155","src_port":49492,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11644,"rrname":"t.amynx.com","rrtype":"A","tx_id":0}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":565241910803680,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"66.42.43.37"}}
{"timestamp":"2020-06-22T12:25:50.545353+0000","flow_id":565241910803680,"pcap_cnt":34,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.155","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":11644,"rcode":"NOERROR","rrname":"t.amynx.com","rrtype":"A","ttl":20854,"rdata":"172.104.7.85"}}
{"timestamp":"2020-06-22T12:25:51.162593+0000","flow_id":282439789220899,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.100.155","src_port":49232,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:25:55.618784+0000","flow_id":781046837830821,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.100.155","src_port":49268,"dest_ip":"66.42.43.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream"}}
{"timestamp":"2020-06-22T12:27:00.412258+0000","flow_id":781046837830821,"pcap_cnt":193,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49268,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/mail.jsp?doc_0.7?admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5987},"app_proto":"http","fileinfo":{"filename":"\/mail.jsp","gaps":false,"state":"CLOSED","stored":false,"size":5987,"tx_id":0}}
{"timestamp":"2020-06-22T12:28:15.178070+0000","flow_id":282439789220899,"event_type":"fileinfo","src_ip":"66.42.43.37","src_port":80,"dest_ip":"192.168.100.155","dest_port":49232,"proto":"TCP","http":{"hostname":"t.amynx.com","url":"\/7p.php?0.7*mail_doc*admin*USER-PC*6","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2482},"app_proto":"http","fileinfo":{"filename":"\/7p.php","gaps":false,"state":"CLOSED","stored":false,"size":2482,"tx_id":0}}


keyword_perf.log - (8549 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/5/2021 -- 21:33:16
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             353742          55              55              17146           6431.00         6431.00         0.00           
  content          1407018         75              49              835052          18760.00        7304.00         40349.00       
  pcre             227276          14              0               27422           16234.00        0.00            16234.00       
  byte_test        67692           9               4               20002           7521.00         9926.00         5597.00        
  isdataat         5730            1               0               5730            5730.00         0.00            5730.00        
  flowbits         33774           3               2               18290           11258.00        13396.00        6982.00        
  urilen           87298           14              3               7738            6235.00         6815.00         6077.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             353742          55              55              17146           6431.00         6431.00         0.00           
  flowbits         6982            1               0               6982            6982.00         0.00            6982.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          165196          21              13              20558           7866.00         7892.00         7823.00        
  pcre             20282           2               0               13224           10141.00        0.00            10141.00       
  byte_test        67692           9               4               20002           7521.00         9926.00         5597.00        
  isdataat         5730            1               0               5730            5730.00         0.00            5730.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         26792           2               2               18290           13396.00        13396.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1051850         26              19              835052          40455.00        6989.00         131292.00      
  pcre             206994          12              0               27422           17249.00        0.00            17249.00       
  urilen           87298           14              3               7738            6235.00         6815.00         6077.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12134           2               0               6412            6067.00         0.00            6067.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          36084           4               1               16118           9021.00         16118.00        6655.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          94646           14              12              10458           6760.00         6820.00         6403.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13006           2               2               6776            6503.00         6503.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          34102           6               2               5884            5683.00         5783.00         5634.00        


suricata-4.0.0-etopen-all-perf.txt-2021-01-05-T-21-33-16-01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap.txt - (10965 bytes)
  --------------------------------------------------------------------------
  Date: 1/5/2021 -- 21:33:16. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2016537      1        2        1709164      19.23  7        2        1010306     244166.29   570718.00   113545.60  
  2        2025162      1        2        980704       11.04  2        0        882930      490352.00   0.00        490352.00  
  3        2018342      1        2        131240       1.48   1        0        131240      131240.00   0.00        131240.00  
  4        2016706      1        20       93582        1.05   1        0        93582       93582.00    0.00        93582.00   
  5        2014442      1        6        81640        0.92   1        0        81640       81640.00    0.00        81640.00   
  6        2022770      1        2        80270        0.90   1        0        80270       80270.00    0.00        80270.00   
  7        2021418      1        9        77712        0.87   1        0        77712       77712.00    0.00        77712.00   
  8        2020963      1        2        76168        0.86   1        0        76168       76168.00    0.00        76168.00   
  9        2015877      1        6        72010        0.81   1        0        72010       72010.00    0.00        72010.00   
  10       2020181      1        8        71466        0.80   1        0        71466       71466.00    0.00        71466.00   
  11       2021413      1        2        67198        0.76   1        0        67198       67198.00    0.00        67198.00   
  12       2017713      1        7        65438        0.74   1        0        65438       65438.00    0.00        65438.00   
  13       2021718      1        4        64306        0.72   1        0        64306       64306.00    0.00        64306.00   
  14       2017119      1        4        63680        0.72   1        0        63680       63680.00    0.00        63680.00   
  15       2017076      1        9        63046        0.71   1        0        63046       63046.00    0.00        63046.00   
  16       2019094      1        5        62488        0.70   1        0        62488       62488.00    0.00        62488.00   
  17       2022901      1        2        61208        0.69   1        0        61208       61208.00    0.00        61208.00   
  18       2020962      1        3        60398        0.68   1        0        60398       60398.00    0.00        60398.00   
  19       2023083      1        2        115384       1.30   2        0        59876       57692.00    0.00        57692.00   
  20       2010140      1        7        532038       5.99   67       0        59330       7940.87     0.00        7940.87    
  21       2008377      1        5        58066        0.65   1        0        58066       58066.00    0.00        58066.00   
  22       2024771      1        1        111626       1.26   2        0        56298       55813.00    0.00        55813.00   
  23       2009702      1        5        61016        0.69   2        0        55006       30508.00    0.00        30508.00   
  24       2020964      1        2        53868        0.61   1        0        53868       53868.00    0.00        53868.00   
  25       2017261      1        3        53174        0.60   1        0        53174       53174.00    0.00        53174.00   
  26       2021399      1        3        52064        0.59   1        0        52064       52064.00    0.00        52064.00   
  27       2017948      1        2        51142        0.58   1        0        51142       51142.00    0.00        51142.00   
  28       2024829      1        2        49882        0.56   1        0        49882       49882.00    0.00        49882.00   
  29       2017552      1        6        230914       2.60   7        0        49112       32987.71    0.00        32987.71   
  30       2008782      1        5        94880        1.07   2        0        49058       47440.00    0.00        47440.00   
  31       2015889      1        9        45000        0.51   1        0        45000       45000.00    0.00        45000.00   
  32       2012707      1        5        83526        0.94   2        0        42910       41763.00    0.00        41763.00   
  33       2014701      1        12       47090        0.53   2        0        41442       23545.00    0.00        23545.00   
  34       2017454      1        12       41062        0.46   1        0        41062       41062.00    0.00        41062.00   
  35       2023622      1        3        300570       3.38   45       0        40710       6679.33     0.00        6679.33    
  36       2014967      1        3        39980        0.45   1        0        39980       39980.00    0.00        39980.00   
  37       2019378      1        12       39956        0.45   1        0        39956       39956.00    0.00        39956.00   
  38       2024606      1        2        39910        0.45   1        0        39910       39910.00    0.00        39910.00   
  39       2017036      1        3        39688        0.45   1        0        39688       39688.00    0.00        39688.00   
  40       2016809      1        5        39568        0.45   1        0        39568       39568.00    0.00        39568.00   
  41       2017556      1        3        39560        0.45   1        0        39560       39560.00    0.00        39560.00   
  42       2016073      1        7        39064        0.44   1        0        39064       39064.00    0.00        39064.00   
  43       2017456      1        3        38968        0.44   1        0        38968       38968.00    0.00        38968.00   
  44       2019230      1        2        39276        0.44   2        0        33590       19638.00    0.00        19638.00   
  45       2024650      1        1        32136        0.36   1        0        32136       32136.00    0.00        32136.00   
  46       2022543      1        1        31426        0.35   1        0        31426       31426.00    0.00        31426.00   
  47       2008120      1        4        412812       4.65   68       0        29606       6070.76     0.00        6070.76    
  48       2014702      1        9        33956        0.38   2        0        28290       16978.00    0.00        16978.00   
  49       2014703      1        9        33800        0.38   2        0        27890       16900.00    0.00        16900.00   
  50       2010142      1        4        365446       4.11   67       0        19388       5454.42     0.00        5454.42    
  51       2010143      1        3        369888       4.16   67       0        9398        5520.72     0.00        5520.72    
  52       2019017      1        3        43154        0.49   7        0        8216        6164.86     0.00        6164.86    
  53       2008420      1        4        26430        0.30   4        0        8130        6607.50     0.00        6607.50    
  54       2023625      1        3        152418       1.72   28       0        7954        5443.50     0.00        5443.50    
  55       2014704      1        7        14602        0.16   2        0        7584        7301.00     0.00        7301.00    
  56       2019011      1        3        58544        0.66   10       0        7552        5854.40     0.00        5854.40    
  57       2008116      1        4        62538        0.70   11       0        7282        5685.27     0.00        5685.27    
  58       2100540      1        12       25802        0.29   4        0        7172        6450.50     0.00        6450.50    
  59       2100518      1        8        62236        0.70   11       0        7130        5657.82     0.00        5657.82    
  60       2019016      1        3        57332        0.65   10       0        6930        5733.20     0.00        5733.20    
  61       2025200      1        1        13650        0.15   2        0        6880        6825.00     0.00        6825.00    
  62       2100540      1        12       24378        0.27   4        0        6814        6094.50     0.00        6094.50    
  63       2023623      1        3        84938        0.96   16       0        6794        5308.62     0.00        5308.62    
  64       2023627      1        3        118282       1.33   22       0        6678        5376.45     0.00        5376.45    
  65       2021584      1        4        6594         0.07   1        0        6594        6594.00     0.00        6594.00    
  66       2023619      1        3        38590        0.43   7        0        6572        5512.86     0.00        5512.86    
  67       2023624      1        3        156040       1.76   29       0        6502        5380.69     0.00        5380.69    
  68       2009243      1        2        23356        0.26   4        0        6318        5839.00     0.00        5839.00    
  69       2102523      1        8        12246        0.14   2        0        6228        6123.00     0.00        6123.00    
  70       2008118      1        3        22892        0.26   4        0        6206        5723.00     0.00        5723.00    
  71       2019010      1        3        40364        0.45   7        0        6122        5766.29     0.00        5766.29    
  72       2102523      1        8        11426        0.13   2        0        5766        5713.00     0.00        5713.00    
  73       2025401      1        2        32434        0.36   6        0        5704        5405.67     0.00        5405.67    
  74       2019019      1        3        5702         0.06   1        0        5702        5702.00     0.00        5702.00    
  75       2023626      1        3        167534       1.89   32       0        5684        5235.44     0.00        5235.44    
  76       2008117      1        3        53082        0.60   10       0        5666        5308.20     0.00        5308.20    
  77       2023617      1        3        26240        0.30   5        0        5662        5248.00     0.00        5248.00    
  78       2019012      1        3        5648         0.06   1        0        5648        5648.00     0.00        5648.00    
  79       2023612      1        4        26152        0.29   5        0        5466        5230.40     0.00        5230.40    
  80       2013075      1        8        5438         0.06   1        0        5438        5438.00     0.00        5438.00    
  81       2023614      1        3        5232         0.06   1        0        5232        5232.00     0.00        5232.00    
  82       2100474      1        5        5156         0.06   1        0        5156        5156.00     0.00        5156.00    


IDSDeathBlossom.py.log - (1179 bytes)
2021-01-05 21:33:06,673 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2021-01-05 21:33:07,574 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2021-01-05 21:33:07,575 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2021-01-05 21:33:07,575 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2021-01-05 21:33:07,575 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2021-01-05 21:33:07,576 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/8e58d46d8214c253807f446734063892d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/01052021.2133-2fea38ea-c02e-48b4-be19-7b4159f04048.pcap -vvv -k none
2021-01-05 21:33:16,153 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2021-01-05 21:33:16,153 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.49599194527