Filename: 1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all (Emerging Threats Pro)
Runtime: 21.3959710598 seconds
Hash: 8ef03dab89ee83dfcd58123f20346eb4
Uploaded: 1556828714 (Unix epoch seconds; 2019-05-02 20:25:14 UTC)

Logfiles


packet_stats.log (15194 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           335          1250286       98970526      73293263         24.6b   99.14
 IPv4      17            19          1366445       33225327       9009832        171.2m    0.69
 IPv6      17             9          1095008       10710366       4509602         40.6m    0.16
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           335            66216        8338056        223709         74.9m   87.93
TMM_FLOWWORKER              IPv4      17            19           123493        2126324        346470          6.6m    7.72
TMM_RECEIVEPCAPFILE         IPv4       6           326             2533           4855          2927        954.3k    1.12
TMM_RECEIVEPCAPFILE         IPv4      17            19             2545           2859          2747         52.2k    0.06
TMM_DECODEPCAPFILE          IPv4       6           326             2647          10629          2915        950.5k    1.12
TMM_DECODEPCAPFILE          IPv4      17            19             2689           3785          2870         54.5k    0.06
TMM_FLOWWORKER              IPv6      17             9           107270         303659        176933          1.6m    1.87
TMM_RECEIVEPCAPFILE         IPv6      17             9             2569          10207          3667         33.0k    0.04
TMM_DECODEPCAPFILE          IPv6      17             9             2691          41945          7554         68.0k    0.08

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           326             2826          33926          3536          1.2m  1.54  
flow                    IPv4      17            19             2650          17516          5259         99.9k  0.13  
stream                  IPv4       6           335             2679        8191716         41444         13.9m  18.52 
app-layer               IPv4      17            19             2522          56939          9856        187.3k  0.25  
detect                  IPv4       6           335            44200        5430784        156392         52.4m  69.88 
detect                  IPv4      17            19           107508         788129        231624          4.4m  5.87  
tcp-prune               IPv4       6           335             2537         390340          4105          1.4m  1.83  
flow                    IPv6      17             9             2649          29932          9580         86.2k  0.12  
app-layer               IPv6      17             9             2606          35982          8336         75.0k  0.10  
detect                  IPv6      17             9            91498         218544        147190          1.3m  1.77  
Note: stream includes app-layer for TCP (app-layer parsing time for IPv4 proto 6 is counted in the stream row, which is why no separate app-layer row appears for it)

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             2            16085          63282         39683         79.4k  48.09 
tls                     IPv4       6             9             2621           3134          2838         25.5k  15.48 
dns                     IPv4      17             4             5728          26877         15027         60.1k  36.43 
Proto detect            IPv4       6             9             2893           5489          3507         31.6k
Proto detect            IPv4      17             8             2739          25659          9650         77.2k
Proto detect            IPv6      17             4             3013          27755          9290         37.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_JSON_DNS             IPv4      17             4            49674        1487349        415096          1.7m  65.59 
LOGGER_JSON_HTTP            IPv4       6             2            54319         115735         85027        170.1k  6.72  
LOGGER_JSON_TLS             IPv4       6             7            41537          93159         60465        423.3k  16.72 
LOGGER_JSON_FILE            IPv4       6             3            68918         124549         92533        277.6k  10.97 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            97             2573         455046         34886         3.4m  39.21 
payload                           IPv4      17            19             3247          29632          9134       173.6k  2.01  
stream                            IPv4       6            97             2538         437626         41087         4.0m  46.18 
http_uri                          IPv4       6             2            19355          22660         21007        42.0k  0.49  
http_request_line                 IPv4       6             2             7883           8806          8344        16.7k  0.19  
http_client_body                  IPv4       6             2             9210          42698         25954        51.9k  0.60  
http_header (request)             IPv4       6             2            80525         123493        102009       204.0k  2.36  
http_header (request trailer)     IPv4       6             2             2632           2707          2669         5.3k  0.06  
http_header_names (request)       IPv4       6             2            13447          22288         17867        35.7k  0.41  
http_accept (request)             IPv4       6             2             3551           4612          4081         8.2k  0.09  
http_referer (request)            IPv4       6             2             3391           3490          3440         6.9k  0.08  
http_content_len (request)        IPv4       6             2             3155           4672          3913         7.8k  0.09  
http_content_type (request)       IPv4       6             2             3164          11116          7140        14.3k  0.17  
http_protocol (request)           IPv4       6             2             4896           5273          5084        10.2k  0.12  
http_start (request)              IPv4       6             2            12612          12807         12709        25.4k  0.29  
http_raw_header (request)         IPv4       6             2            14758          15326         15042        30.1k  0.35  
http_method                       IPv4       6             2             6281           7161          6721        13.4k  0.16  
http_cookie (request)             IPv4       6             2             3195           3570          3382         6.8k  0.08  
http_raw_uri                      IPv4       6             2             5863           6204          6033        12.1k  0.14  
http_user_agent                   IPv4       6             2            42114          46849         44481        89.0k  1.03  
http_host                         IPv4       6             2             8502           9462          8982        18.0k  0.21  
dns_query                         IPv4      17             2             9545           9661          9603        19.2k  0.22  
tls_sni                           IPv4       6             7             4338           8038          5410        37.9k  0.44  
http_response_line                IPv4       6             2             6652           7653          7152        14.3k  0.17  
http_header (response)            IPv4       6             2            32618          39411         36014        72.0k  0.83  
http_header (response trailer)    IPv4       6             2            11051          22022         16536        33.1k  0.38  
http_content_type (response)      IPv4       6             2             7716           9180          8448        16.9k  0.20  
http_raw_header (response)        IPv4       6            10             3426          10507          5045        50.5k  0.58  
http_cookie (response)            IPv4       6             2             3048           3214          3131         6.3k  0.07  
http_stat_code                    IPv4       6             2             6325           7017          6671        13.3k  0.15  
tls_cert_issuer                   IPv4       6             7             3608           6066          4326        30.3k  0.35  
tls_cert_subject                  IPv4       6             7             3426           6086          4293        30.1k  0.35  
tls_cert_serial                   IPv4       6             7             3498           5233          4094        28.7k  0.33  
file_data (http response)         IPv4       6             8             2591           4244          2890        23.1k  0.27  
Total                             IPv4                   309                                         27560         8.5m
payload                           IPv6      17             9             3396          39825         12575       113.2k  1.31  
Total                             IPv6                     9                                         12575       113.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            36             3286          58384         27811          1.0m  1.52  
PROF_DETECT_IPONLY          IPv4      17             8            37771          80514         53174        425.4k  0.65  
PROF_DETECT_RULES           IPv4       6           335             2518        4552080         61974         20.8m  31.59 
PROF_DETECT_RULES           IPv4      17            19            44371         616692        132113          2.5m  3.82  
PROF_DETECT_STATEFUL_START  IPv4       6            23             5102        2564538         202770          4.7m  7.10  
PROF_DETECT_STATEFUL_CONT   IPv4       6           335             2513          97454           6000          2.0m  3.06  
PROF_DETECT_STATEFUL_CONT   IPv4      17            19             2507          57526           6162        117.1k  0.18  
PROF_DETECT_STATEFUL_UPDATE IPv4       6           236             2544          15335           2782        656.7k  1.00  
PROF_DETECT_STATEFUL_UPDATE IPv4      17             4             2938           3859           3384         13.5k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           335             7738         830428         44812         15.0m  22.84 
PROF_DETECT_PREFILTER       IPv4      17            19            23768          71639         33676        639.9k  0.97  
PROF_DETECT_PF_PAYLOAD      IPv4       6            97            13087         490762         84185          8.2m  12.42 
PROF_DETECT_PF_PAYLOAD      IPv4      17            19             8320          35105         14302        271.7k  0.41  
PROF_DETECT_PF_TX           IPv4       6           236             2549         690625          9951          2.3m  3.57  
PROF_DETECT_PF_TX           IPv4      17             2            15498          15827         15662         31.3k  0.05  
PROF_DETECT_PF_SORT1        IPv4       6            77             2579          14407          3385        260.7k  0.40  
PROF_DETECT_PF_SORT1        IPv4      17            19             2642           4351          3184         60.5k  0.09  
PROF_DETECT_PF_SORT2        IPv4       6           335             2516          78733          3173          1.1m  1.62  
PROF_DETECT_PF_SORT2        IPv4      17            19             2547           4426          2854         54.2k  0.08  
PROF_DETECT_NONMPMLIST      IPv4       6           335             2527          25519          3006          1.0m  1.53  
PROF_DETECT_NONMPMLIST      IPv4      17            19             2522           3361          2754         52.3k  0.08  
PROF_DETECT_ALERT           IPv4       6           335             2518          59243          2783        932.6k  1.42  
PROF_DETECT_ALERT           IPv4      17            19             2528           3703          2683         51.0k  0.08  
PROF_DETECT_CLEANUP         IPv4       6           335             2553          36740          3011          1.0m  1.53  
PROF_DETECT_CLEANUP         IPv4      17            19             2531           4800          3003         57.1k  0.09  
PROF_DETECT_GETSGH          IPv4       6           335             2520          38099          3450          1.2m  1.76  
PROF_DETECT_GETSGH          IPv4      17            19             2509           7259          4150         78.9k  0.12  
PROF_DETECT_IPONLY          IPv6      17             4             2993          10720          5082         20.3k  0.03  
PROF_DETECT_RULES           IPv6      17             9            33773         114916         65125        586.1k  0.89  
PROF_DETECT_STATEFUL_CONT   IPv6      17             9             2505           2791           2628         23.7k  0.04  
PROF_DETECT_PREFILTER       IPv6      17             9            23949          67581         36134        325.2k  0.49  
PROF_DETECT_PF_PAYLOAD      IPv6      17             9             8441          45105         17753        159.8k  0.24  
PROF_DETECT_PF_SORT1        IPv6      17             9             2593           4782          3267         29.4k  0.04  
PROF_DETECT_PF_SORT2        IPv6      17             9             2550           4476          3098         27.9k  0.04  
PROF_DETECT_NONMPMLIST      IPv6      17             9             2527           3367          2837         25.5k  0.04  
PROF_DETECT_ALERT           IPv6      17             9             2529          16630          4168         37.5k  0.06  
PROF_DETECT_CLEANUP         IPv6      17             9             2541           5551          3063         27.6k  0.04  
PROF_DETECT_GETSGH          IPv6      17             9             2560          23711          6305         56.7k  0.09  
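The tables above all share one row layout (module name, IP version, protocol, count, min/max/avg ticks, total ticks and an optional percentage, with k/m/b suffixes on large totals). The following parser is an added example written for this page; it is not part of Suricata or of the analysis service that produced the dump. It recovers each table's name from the dashed underline below its header, converts the suffixed tick counts to integers, and answers the questions a tuner asks first: which stage dominates, and do the percentages in a table add up. The embedded sample is copied from the "Per Thread module stats" and "Flow Worker" tables of this dump.

```python
"""Parse the per-module tables of a Suricata packet_stats.log profiling dump.

Every data row has the shape
    <name>  <IP ver>  <proto>  <cnt>  <min>  <max>  <avg>  <tot>  [<pct>]
where tick columns are printed raw or with a k/m/b suffix. The section a row
belongs to is recovered from the dashed underline that follows each table
header, so one parser handles the thread, flow-worker, app-layer, logger,
prefilter and detection-phase tables alike.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Suffixes Suricata uses when printing large tick totals.
_SUFFIX = {"": 1, "k": 1_000, "m": 1_000_000, "b": 1_000_000_000}
_TICKS = re.compile(r"^(\d+(?:\.\d+)?)([kmb]?)$")
# The IP-version column is the only reliable separator between the free-form
# module name (which may contain spaces and parentheses) and the numbers.
_SPLIT = re.compile(r"\s+(IPv[46])\s+")


def parse_ticks(token: str) -> int:
    """'954.3k' -> 954300, '74.9m' -> 74900000, '2533' -> 2533."""
    m = _TICKS.match(token)
    if m is None:
        raise ValueError(f"not a tick count: {token!r}")
    return int(round(float(m.group(1)) * _SUFFIX[m.group(2)]))


@dataclass(frozen=True)
class Row:
    section: str
    name: str
    ipver: str
    proto: int
    cnt: int
    min_ticks: int
    max_ticks: int
    avg_ticks: int
    tot_ticks: int
    pct: Optional[float]  # the "Proto detect" rows print no percentage


def parse_profile(text: str) -> list[Row]:
    rows: list[Row] = []
    section, prev = "", ""
    for line in text.splitlines():
        if line.startswith("---"):
            # The header sits right above the dashes; its text before "IP ver"
            # names the table ("Flow Worker", "Detection phase", ...).
            section = prev.split("IP ver")[0].strip() or "packet"
            prev = line
            continue
        prev = line
        parts = _SPLIT.split(line.rstrip(), maxsplit=1)
        if len(parts) != 3:
            continue
        name, ipver, fields = parts[0].strip(), parts[1], parts[2].split()
        if name == "Total" or len(fields) < 6:
            continue  # per-table "Total" rows use a different column set
        pct = float(fields[6]) if len(fields) > 6 else None
        rows.append(Row(section, name or "all", ipver, int(fields[0]), int(fields[1]),
                        parse_ticks(fields[2]), parse_ticks(fields[3]),
                        parse_ticks(fields[4]), parse_ticks(fields[5]), pct))
    return rows


def hottest(rows: list[Row], section: str) -> Row:
    """The row with the largest total tick count in one table."""
    return max((r for r in rows if r.section == section), key=lambda r: r.tot_ticks)


def stage_share(rows: list[Row], section: str, name: str) -> float:
    """Percent of a table's time in one stage, summed over IP versions and protocols."""
    return round(sum(r.pct or 0.0 for r in rows if r.section == section and r.name == name), 2)


def pct_sum(rows: list[Row], section: str) -> float:
    """Sanity check: the percentages of one table should add up to about 100."""
    return round(sum(r.pct or 0.0 for r in rows if r.section == section), 2)


# Sample input: the two tables copied from the dump on this page.
SAMPLE_DUMP = """\
Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           335            66216        8338056         223709         74.9m   87.93
TMM_FLOWWORKER              IPv4      17            19           123493        2126324         346470          6.6m    7.72
TMM_RECEIVEPCAPFILE         IPv4       6           326             2533           4855           2927        954.3k    1.12
TMM_RECEIVEPCAPFILE         IPv4      17            19             2545           2859           2747         52.2k    0.06
TMM_DECODEPCAPFILE          IPv4       6           326             2647          10629           2915        950.5k    1.12
TMM_DECODEPCAPFILE          IPv4      17            19             2689           3785           2870         54.5k    0.06
TMM_FLOWWORKER              IPv6      17             9           107270         303659         176933          1.6m    1.87
TMM_RECEIVEPCAPFILE         IPv6      17             9             2569          10207           3667         33.0k    0.04
TMM_DECODEPCAPFILE          IPv6      17             9             2691          41945           7554         68.0k    0.08

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           326             2826          33926          3536          1.2m  1.54
flow                    IPv4      17            19             2650          17516          5259         99.9k  0.13
stream                  IPv4       6           335             2679        8191716         41444         13.9m  18.52
app-layer               IPv4      17            19             2522          56939          9856        187.3k  0.25
detect                  IPv4       6           335            44200        5430784        156392         52.4m  69.88
detect                  IPv4      17            19           107508         788129        231624          4.4m  5.87
tcp-prune               IPv4       6           335             2537         390340          4105          1.4m  1.83
flow                    IPv6      17             9             2649          29932          9580         86.2k  0.12
app-layer               IPv6      17             9             2606          35982          8336         75.0k  0.10
detect                  IPv6      17             9            91498         218544        147190          1.3m  1.77
Note: stream includes app-layer for TCP
"""


if __name__ == "__main__":
    rows = parse_profile(SAMPLE_DUMP)
    h = hottest(rows, "Flow Worker")
    print(f"hottest flow-worker stage: {h.name} {h.ipver}/{h.proto} ({h.tot_ticks} ticks)")
    print(f"detect share of flow-worker time: {stage_share(rows, 'Flow Worker', 'detect')}%")
    print(f"Thread Module percentages sum to {pct_sum(rows, 'Thread Module')}")
```

Run against a full packet_stats.log the same way; only the section names change. Tick counts are CPU cycles from the profiling build, so compare them within one dump rather than across machines.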


suricata-4.0.0-etpro-all-perf.txt-2019-05-02-T-20-25-36-05022019.2025-1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap.txt (29397 bytes)
  --------------------------------------------------------------------------
  Date: 5/2/2019 -- 20:25:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022207      1        4        444990       2.44   2        0        415238      222495.00   0.00        222495.00  
  2        2014703      1        9        424519       2.33   4        0        392416      106129.75   0.00        106129.75  
  3        2816928      1        3        286397       1.57   2        0        259489      143198.50   0.00        143198.50  
  4        2023476      1        5        1155517      6.33   7        0        200411      165073.86   0.00        165073.86  
  5        2019833      1        7        1122268      6.15   7        0        178877      160324.00   0.00        160324.00  
  6        2021946      1        2        1074991      5.89   7        0        164790      153570.14   0.00        153570.14  
  7        2019832      1        4        602787       3.30   7        0        129255      86112.43    0.00        86112.43   
  8        2018358      1        7        207389       1.14   2        0        121872      103694.50   0.00        103694.50  
  9        2022503      1        2        178349       0.98   2        0        118962      89174.50    0.00        89174.50   
  10       2816940      1        2        170164       0.93   2        0        115676      85082.00    0.00        85082.00   
  11       2022627      1        12       367558       2.01   7        0        82632       52508.29    0.00        52508.29   
  12       2822213      1        2        468932       2.57   7        0        79577       66990.29    0.00        66990.29   
  13       2019344      1        5        114564       0.63   2        0        73869       57282.00    0.00        57282.00   
  14       2018005      1        6        411475       2.26   7        0        70609       58782.14    0.00        58782.14   
  15       2814979      1        2        406114       2.23   7        0        67989       58016.29    0.00        58016.29   
  16       2022535      1        11       354726       1.94   7        0        65770       50675.14    0.00        50675.14   
  17       2816909      1        2        120453       0.66   2        0        63229       60226.50    0.00        60226.50   
  18       2828008      1        2        83716        0.46   2        0        63203       41858.00    0.00        41858.00   
  19       2827279      1        5        84248        0.46   2        0        62921       42124.00    0.00        42124.00   
  20       2814978      1        2        397155       2.18   7        0        62510       56736.43    0.00        56736.43   
  21       2020708      1        2        60517        0.33   1        0        60517       60517.00    0.00        60517.00   
  22       2011894      1        19       86344        0.47   2        0        59718       43172.00    0.00        43172.00   
  23       2018958      1        18       102122       0.56   2        0        59283       51061.00    0.00        51061.00   
  24       2018496      1        9        86068        0.47   2        0        57950       43034.00    0.00        43034.00   
  25       2023625      1        3        89289        0.49   13       0        57755       6868.38     0.00        6868.38    
  26       2816910      1        2        111127       0.61   2        0        56137       55563.50    0.00        55563.50   
  27       2829848      1        2        115269       0.63   10       0        50358       11526.90    0.00        11526.90   
  28       2025064      1        5        88162        0.48   2        0        50160       44081.00    0.00        44081.00   
  29       2018457      1        1        266195       1.46   7        0        49342       38027.86    0.00        38027.86   
  30       2810991      1        4        49028        0.27   1        0        49028       49028.00    0.00        49028.00   
  31       2821561      1        2        49015        0.27   1        0        49015       49015.00    0.00        49015.00   
  32       2022339      1        2        86618        0.47   2        0        48716       43309.00    0.00        43309.00   
  33       2819785      1        2        48657        0.27   1        0        48657       48657.00    0.00        48657.00   
  34       2816525      1        10       90811        0.50   2        0        46961       45405.50    0.00        45405.50   
  35       2023670      1        3        89203        0.49   2        2        46144       44601.50    44601.50    0.00       
  36       2816929      1        4        85494        0.47   2        0        45960       42747.00    0.00        42747.00   
  37       2828122      1        2        80159        0.44   2        0        45235       40079.50    0.00        40079.50   
  38       2815429      1        3        77602        0.43   2        0        43883       38801.00    0.00        38801.00   
  39       2816055      1        2        43199        0.24   1        0        43199       43199.00    0.00        43199.00   
  40       2024767      1        2        77881        0.43   2        0        43132       38940.50    0.00        38940.50   
  41       2018452      1        15       78009        0.43   2        0        43122       39004.50    0.00        39004.50   
  42       2809850      1        2        41842        0.23   1        0        41842       41842.00    0.00        41842.00   
  43       2802876      1        3        134386       0.74   5        0        41218       26877.20    0.00        26877.20   
  44       2018739      1        2        75929        0.42   2        0        41186       37964.50    0.00        37964.50   
  45       2806659      1        4        41139        0.23   1        0        41139       41139.00    0.00        41139.00   
  46       2017552      1        6        320377       1.76   19       0        40662       16861.95    0.00        16861.95   
  47       2815656      1        2        69697        0.38   2        0        40647       34848.50    0.00        34848.50   
  48       2802880      1        3        63879        0.35   2        0        40381       31939.50    0.00        31939.50   
  49       2820851      1        5        75480        0.41   2        0        38830       37740.00    0.00        37740.00   
  50       2816930      1        4        69584        0.38   2        0        38484       34792.00    0.00        34792.00   
  51       2824636      1        2        165065       0.90   7        0        38416       23580.71    0.00        23580.71   
  52       2803348      1        4        67419        0.37   2        0        38022       33709.50    0.00        33709.50   
  53       2023875      1        2        73189        0.40   2        0        37858       36594.50    0.00        36594.50   
  54       2816327      1        4        71456        0.39   2        0        37278       35728.00    0.00        35728.00   
  55       2815817      1        5        65921        0.36   2        0        36558       32960.50    0.00        32960.50   
  56       2017613      1        9        68084        0.37   2        0        36512       34042.00    0.00        34042.00   
  57       2828060      1        4        119781       0.66   4        0        36228       29945.25    0.00        29945.25   
  58       2022220      1        2        71030        0.39   2        0        35760       35515.00    0.00        35515.00   
  59       2023315      1        2        69624        0.38   2        0        35267       34812.00    0.00        34812.00   
  60       2021631      1        2        35220        0.19   1        0        35220       35220.00    0.00        35220.00   
  61       2816165      1        5        69430        0.38   2        0        34950       34715.00    0.00        34715.00   
  62       2815852      1        5        60497        0.33   2        0        34865       30248.50    0.00        30248.50   
  63       2814883      1        3        34756        0.19   1        0        34756       34756.00    0.00        34756.00   
  64       2824408      1        2        56913        0.31   2        0        34670       28456.50    0.00        28456.50   
  65       2823166      1        3        34537        0.19   1        0        34537       34537.00    0.00        34537.00   
  66       2022105      1        3        34519        0.19   1        0        34519       34519.00    0.00        34519.00   
  67       2815324      1        2        68712        0.38   2        0        34386       34356.00    0.00        34356.00   
  68       2003492      1        30       56183        0.31   2        0        34296       28091.50    0.00        28091.50   
  69       2819673      1        4        67796        0.37   2        0        34206       33898.00    0.00        33898.00   
  70       2809547      1        5        53892        0.30   2        0        33856       26946.00    0.00        26946.00   
  71       2816925      1        3        65942        0.36   2        0        33475       32971.00    0.00        32971.00   
  72       2020586      1        3        33198        0.18   1        0        33198       33198.00    0.00        33198.00   
  73       2022262      1        3        60253        0.33   2        0        33124       30126.50    0.00        30126.50   
  74       2010140      1        7        155547       0.85   26       0        32758       5982.58     0.00        5982.58    
  75       2828986      1        2        103253       0.57   10       0        32535       10325.30    0.00        10325.30   
  76       2019693      1        5        59815        0.33   2        0        32426       29907.50    0.00        29907.50   
  77       2019881      1        3        58463        0.32   2        0        30763       29231.50    0.00        29231.50   
  78       2018981      1        4        59698        0.33   2        0        30730       29849.00    0.00        29849.00   
  79       2017259      1        12       30388        0.17   1        0        30388       30388.00    0.00        30388.00   
  80       2016858      1        10       57005        0.31   2        0        29861       28502.50    0.00        28502.50   
  81       2812916      1        6        56995        0.31   2        0        29787       28497.50    0.00        28497.50   
  82       2814120      1        4        57806        0.32   2        0        29651       28903.00    0.00        28903.00   
  83       2023916      1        2        29611        0.16   1        0        29611       29611.00    0.00        29611.00   
  84       2827182      1        2        58460        0.32   2        0        29482       29230.00    0.00        29230.00   
  85       2806132      1        3        29343        0.16   1        0        29343       29343.00    0.00        29343.00   
  86       2018242      1        5        55860        0.31   2        0        29179       27930.00    0.00        27930.00   
  87       2810731      1        7        56904        0.31   2        0        29148       28452.00    0.00        28452.00   
  88       2012612      1        16       50744        0.28   2        0        29054       25372.00    0.00        25372.00   
  89       2816526      1        13       56231        0.31   2        0        28737       28115.50    0.00        28115.50   
  90       2827575      1        2        56032        0.31   2        0        28522       28016.00    0.00        28016.00   
  91       2820031      1        2        56108        0.31   2        0        28511       28054.00    0.00        28054.00   
  92       2826824      1        3        55778        0.31   2        0        28448       27889.00    0.00        27889.00   
  93       2819993      1        2        28382        0.16   1        0        28382       28382.00    0.00        28382.00   
  94       2021038      1        4        27964        0.15   1        0        27964       27964.00    0.00        27964.00   
  95       2009702      1        5        54925        0.30   4        0        27809       13731.25    0.00        13731.25   
  96       2816927      1        3        53544        0.29   2        0        27297       26772.00    0.00        26772.00   
  97       2816924      1        4        53873        0.30   2        0        27105       26936.50    0.00        26936.50   
  98       2816922      1        5        53738        0.29   2        0        27034       26869.00    0.00        26869.00   
  99       2816328      1        5        53963        0.30   2        0        26996       26981.50    0.00        26981.50   
  100      2816931      1        3        53435        0.29   2        0        26886       26717.50    0.00        26717.50   
  101      2018983      1        7        52917        0.29   2        0        26654       26458.50    0.00        26458.50   
  102      2022842      1        5        25652        0.14   1        0        25652       25652.00    0.00        25652.00   
  103      2018010      1        5        45973        0.25   2        0        25298       22986.50    0.00        22986.50   
  104      2804626      1        9        46751        0.26   2        0        25155       23375.50    0.00        23375.50   
  105      2808201      1        3        24130        0.13   1        0        24130       24130.00    0.00        24130.00   
  106      2816669      1        4        23771        0.13   1        0        23771       23771.00    0.00        23771.00   
  107      2815201      1        2        45220        0.25   2        0        23467       22610.00    0.00        22610.00   
  108      2020380      1        3        45505        0.25   2        0        23391       22752.50    0.00        22752.50   
  109      2024178      1        2        44586        0.24   2        0        23138       22293.00    0.00        22293.00   
  110      2016223      1        10       44345        0.24   2        0        23103       22172.50    0.00        22172.50   
  111      2017935      1        3        79644        0.44   21       0        23086       3792.57     0.00        3792.57    
  112      2826256      1        2        44386        0.24   2        0        22674       22193.00    0.00        22193.00   
  113      2022049      1        3        43889        0.24   2        0        22523       21944.50    0.00        21944.50   
  114      2830036      1        1        22301        0.12   1        0        22301       22301.00    0.00        22301.00   
  115      2014701      1        12       48519        0.27   4        0        22164       12129.75    0.00        12129.75   
  116      2822109      1        2        21767        0.12   1        0        21767       21767.00    0.00        21767.00   
  117      2003657      1        18       42513        0.23   2        0        21582       21256.50    0.00        21256.50   
  118      2820809      1        2        21556        0.12   1        0        21556       21556.00    0.00        21556.00   
  119      2014380      1        4        39864        0.22   2        0        21506       19932.00    0.00        19932.00   
  120      2825063      1        2        42577        0.23   2        0        21469       21288.50    0.00        21288.50   
  121      2020698      1        2        41446        0.23   2        0        21378       20723.00    0.00        20723.00   
  122      2805260      1        4        42116        0.23   2        0        21371       21058.00    0.00        21058.00   
  123      2815033      1        2        21211        0.12   1        0        21211       21211.00    0.00        21211.00   
  124      2020770      1        2        21171        0.12   1        0        21171       21171.00    0.00        21171.00   
  125      2826024      1        2        21

This file has been truncated.


suricata-report-2019-05-02-T-20-25-36-05022019.2025-1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap.txt - (17494 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8ef03dab89ee83dfcd58123f20346eb456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05022019.2025-1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap -vvv -k none
elapsedtime:20.486313
stderr:
stdout:
2/5/2019 -- 20:25:15 - <Info> - Configuration node 'rule-files' redefined.
2/5/2019 -- 20:25:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/5/2019 -- 20:25:15 - <Info> - CPUs/cores online: 1
2/5/2019 -- 20:25:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31808 and 'request-body-inspect-window' set to 16730 after randomization.
2/5/2019 -- 20:25:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34398 and 'response-body-inspect-window' set to 15759 after randomization.
2/5/2019 -- 20:25:15 - <Config> - DNS request flood protection level: 500
2/5/2019 -- 20:25:15 - <Config> - DNS per flow memcap (state-memcap): 524288
2/5/2019 -- 20:25:15 - <Config> - DNS global memcap: 16777216
2/5/2019 -- 20:25:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/5/2019 -- 20:25:15 - <Config> - preallocated 1000 hosts of size 136
2/5/2019 -- 20:25:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/5/2019 -- 20:25:15 - <Config> - using magic-file /usr/share/file/magic
2/5/2019 -- 20:25:15 - <Config> - Core dump size is unlimited.
2/5/2019 -- 20:25:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/5/2019 -- 20:25:15 - <Config> - preallocated 1000 defrag trackers of size 168
2/5/2019 -- 20:25:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/5/2019 -- 20:25:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/5/2019 -- 20:25:15 - <Config> - stream "memcap": 33554432
2/5/2019 -- 20:25:15 - <Config> - stream "midstream" session pickups: disabled
2/5/2019 -- 20:25:15 - <Config> - stream "async-oneside": disabled
2/5/2019 -- 20:25:15 - <Config> - stream "checksum-validation": disabled
2/5/2019 -- 20:25:15 - <Config> - stream."inline": disabled
2/5/2019 -- 20:25:15 - <Config> - stream "bypass": disabled
2/5/2019 -- 20:25:15 - <Config> - stream "max-synack-queued": 5
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly "memcap": 134217728
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly "depth": 0
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly "toserver-chunk-size": 2676
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly "toclient-chunk-size": 2457
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly.raw: enabled
2/5/2019 -- 20:25:15 - <Config> - stream.reassembly "segment-prealloc": 2048
2/5/2019 -- 20:25:15 - <Config> - Delayed detect disabled
2/5/2019 -- 20:25:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/5/2019 -- 20:25:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/5/2019 -- 20:25:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/5/2019 -- 20:25:15 - <Config> - prefilter engines: MPM
2/5/2019 -- 20:25:15 - <Config> - IP reputation disabled
2/5/2019 -- 20:25:15 - <Perf> - Registered 148 keyword profiling counters.
2/5/2019 -- 20:25:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/5/2019 -- 20:25:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/5/2019 -- 20:25:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/5/2019 -- 20:25:20 - <Config> - No rules loaded from ET-icmp.rules.
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/5/2019 -- 20:25:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/5/2019 -- 20:25:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/5/2019 -- 20:25:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/5/2019 -- 20:25:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/5/2019 -- 20:25:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/5/2019 -- 20:25:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/5/2019 -- 20:25:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/5/2019 -- 20:25:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/5/2019 -- 20:25:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/5/2019 -- 20:25:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/5/2019 -- 20:25:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/5/2019 -- 20:25:28 - <Config> - No rules loaded from local.rules.
2/5/2019 -- 20:25:28 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/5/2019 -- 20:25:28 - <Info> - Threshold config parsed: 0 rule(s) found
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tcp-packet
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tcp-stream
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for udp-packet
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for other-ip
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_uri
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_request_line
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_client_body
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_response_line
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_header
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_header
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_header_names
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_header_names
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_accept
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_accept_enc
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_accept_lang
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_referer
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_connection
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_content_len
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_content_len
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_content_type
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_content_type
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_protocol
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_protocol
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_start
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_start
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_raw_header
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_raw_header
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_method
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_cookie
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_cookie
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_raw_uri
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_user_agent
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_host
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_raw_host
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_stat_msg
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_stat_code
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for dns_query
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tls_sni
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for dce_stub_data
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for dce_stub_data
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for ssh_protocol
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for ssh_protocol
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for ssh_software
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for ssh_software
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for file_data
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for file_data
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_request_line
2/5/2019 -- 20:25:28 - <Perf> - using shared mpm ctx' for http_response_line
2/5/2019 -- 20:25:28 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/5/2019 -- 20:25:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/5/2019 -- 20:25:29 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/5/2019 -- 20:25:29 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/5/2019 -- 20:25:29 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/5/2019 -- 20:25:29 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/5/2019 -- 20:25:29 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/5/2019 -- 20:25:29 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/5/2019 -- 20:25:33 - <Perf> - Unique rule groups: 104
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/5/2019 -- 20:25:33 - <Perf> - Builtin MPM "other IP packet": 3
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_header": 10
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_header": 6
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_start": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_method": 5
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver http_host": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toserver file_data": 1
2/5/2019 -- 20:25:33 - <Perf> - AppLayer MPM "toclient file_data": 7
2/5/2019 -- 20:25:35 - <Perf> - Registered 39590 rule profiling counters.
2/5/2019 -- 20:25:35 - <Info> - fast output device (regular) initialized: alert
2/5/2019 -- 20:25:35 - <Info> - eve-log output device (regular) initialized: eve.json
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'alert'
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'http'
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'dns'
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'tls'
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'files'
2/5/2019 -- 20:25:35 - <Config> - enabling 'eve-log' module 'ssh'
2/5/2019 -- 20:25:35 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/5/2019 -- 20:25:35 - <Info> - stats output device (regular) initialized: stats.log
2/5/2019 -- 20:25:35 - <Config> - AutoFP mode using "Hash" flow load balancer
2/5/2019 -- 20:25:35 - <Info> - reading pcap file /var/pcap/05022019.2025-1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap
2/5/2019 -- 20:25:35 - <Config> - using 1 flow manager threads
2/5/2019 -- 20:25:35 - <Config> - using 1 flow recycler threads
2/5/2019 -- 20:25:35 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


stats.log - (3138 bytes)
------------------------------------------------------------------------------------
Date: 5/2/2019 -- 20:25:36 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 674
decoder.bytes                              | Total                     | 159867
decoder.ipv4                               | Total                     | 345
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 674
decoder.tcp                                | Total                     | 326
decoder.udp                                | Total                     | 28
decoder.avg_pkt_size                       | Total                     | 237
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 18
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 18
tcp.syn                                    | Total                     | 18
tcp.synack                                 | Total                     | 18
tcp.rst                                    | Total                     | 5
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 3
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 7
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 8
flow_mgr.new_pruned                        | Total                     | 8
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 12
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 8
flow_mgr.flows_removed                     | Total                     | 8
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65524
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077760


eve.json - (6629 bytes)
{"timestamp":"2019-05-02T19:07:01.545762+0000","flow_id":703014202856418,"pcap_cnt":281,"event_type":"dns","src_ip":"192.168.100.152","src_port":56741,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52365,"rrname":"www.google.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-02T19:07:01.551066+0000","flow_id":703014202856418,"pcap_cnt":282,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.152","dest_port":56741,"proto":"UDP","dns":{"type":"answer","id":52365,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":155,"rdata":"172.217.16.132"}}
{"timestamp":"2019-05-02T19:07:01.749001+0000","flow_id":1537148391353801,"pcap_cnt":297,"event_type":"dns","src_ip":"192.168.100.152","src_port":59825,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64055,"rrname":"tatsumifoughtogre.club","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-02T19:07:01.777135+0000","flow_id":1537148391353801,"pcap_cnt":298,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.152","dest_port":59825,"proto":"UDP","dns":{"type":"answer","id":64055,"rcode":"NOERROR","rrname":"tatsumifoughtogre.club","rrtype":"A","ttl":1199,"rdata":"199.188.200.96"}}
{"timestamp":"2019-05-02T19:07:02.695187+0000","flow_id":1174608054492582,"pcap_cnt":327,"event_type":"http","src_ip":"192.168.100.152","src_port":51633,"dest_ip":"199.188.200.96","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"tatsumifoughtogre.club","url":"\/api\/hazard\/check","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-02T19:07:02.715050+0000","flow_id":1985053350862183,"pcap_cnt":337,"event_type":"fileinfo","src_ip":"192.168.100.152","src_port":51632,"dest_ip":"199.188.200.96","dest_port":80,"proto":"TCP","http":{"hostname":"tatsumifoughtogre.club","url":"\/api\/hazard\/para","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":1294},"app_proto":"http","fileinfo":{"filename":"\/api\/hazard\/para","gaps":false,"state":"CLOSED","stored":false,"size":62,"tx_id":0}}
{"timestamp":"2019-05-02T19:07:02.716385+0000","flow_id":1985053350862183,"pcap_cnt":345,"event_type":"http","src_ip":"192.168.100.152","src_port":51632,"dest_ip":"199.188.200.96","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"tatsumifoughtogre.club","url":"\/api\/hazard\/para","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-05-02T19:07:02.843702+0000","flow_id":1174608054492582,"pcap_cnt":360,"event_type":"fileinfo","src_ip":"199.188.200.96","src_port":80,"dest_ip":"192.168.100.152","dest_port":51633,"proto":"TCP","http":{"hostname":"tatsumifoughtogre.club","url":"\/api\/hazard\/check","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":10265},"app_proto":"http","fileinfo":{"filename":"\/api\/hazard\/check","gaps":false,"state":"CLOSED","stored":false,"size":10116,"tx_id":0}}
{"timestamp":"2019-05-02T19:07:02.854717+0000","flow_id":1846559982941871,"pcap_cnt":364,"event_type":"tls","src_ip":"192.168.100.152","src_port":51642,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:07:04.069343+0000","flow_id":516211042989682,"pcap_cnt":400,"event_type":"tls","src_ip":"192.168.100.152","src_port":51664,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:07:04.107705+0000","flow_id":1985053350862183,"pcap_cnt":403,"event_type":"fileinfo","src_ip":"199.188.200.96","src_port":80,"dest_ip":"192.168.100.152","dest_port":51632,"proto":"TCP","http":{"hostname":"tatsumifoughtogre.club","url":"\/api\/hazard\/para","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":404,"length":10263},"app_proto":"http","fileinfo":{"filename":"\/api\/hazard\/para","gaps":false,"state":"CLOSED","stored":false,"size":10114,"tx_id":0}}
{"timestamp":"2019-05-02T19:07:05.333992+0000","flow_id":1640130969968535,"pcap_cnt":441,"event_type":"tls","src_ip":"192.168.100.152","src_port":51684,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:07:06.490366+0000","flow_id":143274737799265,"pcap_cnt":481,"event_type":"tls","src_ip":"192.168.100.152","src_port":51705,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:07:22.815205+0000","flow_id":1021400129927569,"pcap_cnt":538,"event_type":"tls","src_ip":"192.168.100.152","src_port":51964,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:07:44.140518+0000","flow_id":1109809885629056,"pcap_cnt":591,"event_type":"tls","src_ip":"192.168.100.152","src_port":52293,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-05-02T19:08:05.437673+0000","flow_id":379639676878367,"pcap_cnt":646,"event_type":"tls","src_ip":"192.168.100.152","src_port":52622,"dest_ip":"199.188.200.96","dest_port":443,"proto":"TCP","tls":{"subject":"CN=199.188.200.96","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}


keyword_perf.log - (11389 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/2/2019 -- 20:25:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             774879          232             232             17419           3339.00         3339.00         0.00           
  content          3853022         1064            496             34851           3621.00         3758.00         3501.00        
  pcre             902087          149             40              63910           6054.00         6783.00         5786.00        
  byte_test        135342          37              9               20941           3657.00         3468.00         3718.00        
  byte_jump        26472           4               0               15378           6618.00         0.00            6618.00        
  isdataat         5518            2               0               2914            2759.00         0.00            2759.00        
  flowbits         52647           16              2               6077            3290.00         5585.00         2962.00        
  urilen           186406          56              16              15547           3328.00         3095.00         3421.00        
  byte_extract     44449           15              15              4054            2963.00         2963.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             774879          232             232             17419           3339.00         3339.00         0.00           
  flowbits         41476           14              0               3535            2962.00         0.00            2962.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2578965         746             273             34851           3457.00         3540.00         3409.00        
  pcre             407299          93              29              40424           4379.00         5631.00         3812.00        
  byte_test        135342          37              9               20941           3657.00         3468.00         3718.00        
  byte_jump        26472           4               0               15378           6618.00         0.00            6618.00        
  isdataat         5518            2               0               2914            2759.00         0.00            2759.00        
  byte_extract     44449           15              15              4054            2963.00         2963.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         11171           2               2               6077            5585.00         5585.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          199925          51              26              16084           3920.00         3970.00         3867.00        
  pcre             232666          29              1               63910           8022.00         12628.00        7858.00        
  urilen           186406          56              16              15547           3328.00         3095.00         3421.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22299           6               0               4032            3716.00         0.00            3716.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15070           4               0               4346            3767.00         0.00            3767.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          748724          182             147             17078           4113.00         4085.00         4233.00        
  pcre             236293          23              6               35943           10273.00        11594.00        9807.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18533           5               2               4039            3706.00         3530.00         3824.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18336           5               5               4466            3667.00         3667.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30391           5               3               16037           6078.00         3785.00         9517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          208075          56              36              5610            3715.00         4018.00         3170.00        
  pcre             25829           4               4               12605           6457.00         6457.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12704           4               4               3265            3176.00         3176.00         0.00           


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-05-02 20:25:15,103 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-02 20:25:15,812 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-02 20:25:15,813 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-02 20:25:15,813 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-02 20:25:15,813 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-02 20:25:15,813 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/8ef03dab89ee83dfcd58123f20346eb456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05022019.2025-1fa57f2c-59fc-464e-9825-a2bb92d961d0.pcap -vvv -k none
2019-05-02 20:25:36,302 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-02 20:25:36,303 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.2069430351