Filename: poc.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.0830190182 seconds
Hash: 93ce2f6858d53ba580c99bc250c4b6a1 (the first 32 hex digits of the 64-digit hash that names the output directory in the command line below)
Uploaded: 1558454120 (Unix epoch seconds: 2019-05-21 15:55:20 UTC, which matches the timestamps in the logs below)

Logfiles


packet_stats.log (4693 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            11           648669        2803852       1682057         18.5m  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            11            73068         364125        228099          2.5m   94.66
TMM_RECEIVEPCAPFILE         IPv4       6            11             2825          36079          6957         76.5k    2.89
TMM_DECODEPCAPFILE          IPv4       6            11             2838          29793          5904         64.9k    2.45

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       6            11             2860           7751          3734         41.1k  1.76  
stream                  IPv4       6            11             4096          38444         16314        179.5k  7.69  
detect                  IPv4       6            11            47762         340613        185993          2.0m  87.68 
tcp-prune               IPv4       6            11             2600          36377          6081         66.9k  2.87  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             6             2746          84547         32611       195.7k  46.82 
stream                            IPv4       6             6             2544         106279         37034       222.2k  53.18 
Total                             IPv4                    12                                         34822       417.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot          %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  -----
PROF_DETECT_IPONLY          IPv4       6             2            55424          63634         59529        119.1k  5.16  
PROF_DETECT_RULES           IPv4       6            11             2738         186840         69395        763.3k  33.11 
PROF_DETECT_STATEFUL_CONT    IPv4       6            11             2516           3509          2789         30.7k  1.33  
PROF_DETECT_PREFILTER       IPv4       6            11             8364         162973         61076        671.8k  29.14 
PROF_DETECT_PF_PAYLOAD      IPv4       6             6            23169         116717         77800        466.8k  20.25 
PROF_DETECT_PF_SORT1        IPv4       6             6             3378           5134          3958         23.7k  1.03  
PROF_DETECT_PF_SORT2        IPv4       6            11             2581           4704          3373         37.1k  1.61  
PROF_DETECT_NONMPMLIST      IPv4       6            11             2629           4279          3055         33.6k  1.46  
PROF_DETECT_ALERT           IPv4       6            11             2539          10646          3452         38.0k  1.65  
PROF_DETECT_CLEANUP         IPv4       6            11             2626          15591          4255         46.8k  2.03  
PROF_DETECT_GETSGH          IPv4       6            11             2523          25867          6758         74.3k  3.22  


stats.log (2151 bytes)
------------------------------------------------------------------------------------
Date: 5/21/2019 -- 15:55:47 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 11
decoder.bytes                              | Total                     | 1781
decoder.ipv4                               | Total                     | 11
decoder.ethernet                           | Total                     | 11
decoder.tcp                                | Total                     | 11
decoder.avg_pkt_size                       | Total                     | 161
decoder.max_pkt_size                       | Total                     | 603
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 4
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 7
app_layer.flow.failed_tcp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592
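The stats.log dump above is the quickest place to see what the pcap actually contained: 11 Ethernet/IPv4/TCP packets, one TCP session whose SYN, SYN-ACK and RST were all seen, and app_layer.flow.failed_tcp = 1, meaning the stream data never reached an application-layer parser. The following parser is an added example written for this page; it is not part of IDSDeathBlossom or Suricata. It takes the stats.log lines above as its input and derives those facts. It assumes that zero-valued counters are simply absent from the dump (consistent with the listing above, which has no decoder.udp line) and that Suricata 4 names its alert counter detect.alert, so a missing detect.alert reads as zero alerts.

```python
import re
from typing import Dict, Tuple

# Input: the stats.log dump shown above for poc.pcap, copied from this
# page rather than constructed.
STATS_LOG = """\
------------------------------------------------------------------------------------
Date: 5/21/2019 -- 15:55:47 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 11
decoder.bytes                              | Total                     | 1781
decoder.ipv4                               | Total                     | 11
decoder.ethernet                           | Total                     | 11
decoder.tcp                                | Total                     | 11
decoder.avg_pkt_size                       | Total                     | 161
decoder.max_pkt_size                       | Total                     | 603
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 4
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 7
app_layer.flow.failed_tcp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592
"""

# "counter | TM Name | integer"; the Date, header and separator lines never match.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*\|\s*([^|]+?)\s*\|\s*(\d+)\s*$")


def parse_stats(text: str) -> Dict[Tuple[str, str], int]:
    """Return {(counter_name, tm_name): value} for every counter line."""
    counters: Dict[Tuple[str, str], int] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counters[(m.group(1), m.group(2))] = int(m.group(3))
    return counters


def counter(stats: Dict[Tuple[str, str], int], name: str, tm: str = "Total") -> int:
    # Assumption: zero-valued counters are omitted from the dump (there is no
    # decoder.udp or detect.alert line above), so a missing key reads as 0.
    return stats.get((name, tm), 0)


def summarize_run(stats: Dict[Tuple[str, str], int]) -> dict:
    """Derive the facts an analyst wants from one pcap run's counters."""
    pkts = counter(stats, "decoder.pkts")
    nbytes = counter(stats, "decoder.bytes")
    return {
        "packets": pkts,
        "bytes": nbytes,
        # Every decoded packet was TCP: no UDP, ICMP or non-IP noise in the pcap.
        "all_tcp": pkts > 0 and counter(stats, "decoder.tcp") == pkts,
        # decoder.avg_pkt_size is integer bytes/packets; cross-check the dump.
        "avg_size_consistent": pkts > 0 and counter(stats, "decoder.avg_pkt_size") == nbytes // pkts,
        "tcp_sessions": counter(stats, "tcp.sessions"),
        # Both SYN and SYN-ACK counted: the handshake itself was in the capture.
        "handshake_seen": counter(stats, "tcp.syn") > 0 and counter(stats, "tcp.synack") > 0,
        "reset_seen": counter(stats, "tcp.rst") > 0,
        # Protocol detection failed for the flow: no app-layer parser ran.
        "app_layer_failed": counter(stats, "app_layer.flow.failed_tcp") > 0,
        # Assumption: Suricata 4 counts alerts as detect.alert (absent here).
        "alerts": counter(stats, "detect.alert"),
    }


if __name__ == "__main__":
    for key, value in summarize_run(parse_stats(STATS_LOG)).items():
        print(f"{key:>20}: {value}")
```

Running it against the dump above reports one TCP session, handshake and reset seen, app-layer detection failed and zero alerts; that is the whole story of this pcap against the etpro-all ruleset, and the same checks can be pointed at any later stats.log to see at a glance whether a capture even reached the detection stage.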


suricata-4.0.0-etpro-all-perf.txt-2019-05-21-T-15-55-47-05212019.1555-poc.pcap.txt (7382 bytes)
  --------------------------------------------------------------------------
  Date: 5/21/2019 -- 15:55:47. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2017935      1        3        10182        3.46   2        0        6712        5091.00     0.00        5091.00    
  2        2806561      1        5        5144         1.75   1        0        5144        5144.00     0.00        5144.00    
  3        2815451      1        2        7376         2.51   2        0        4652        3688.00     0.00        3688.00    
  4        2001330      1        8        11857        4.03   3        0        4629        3952.33     0.00        3952.33    
  5        2009387      1        4        12854        4.37   3        0        4599        4284.67     0.00        4284.67    
  6        2012139      1        8        4549         1.55   1        0        4549        4549.00     0.00        4549.00    
  7        2014385      1        5        4419         1.50   1        0        4419        4419.00     0.00        4419.00    
  8        2823966      1        1        7007         2.38   2        0        4331        3503.50     0.00        3503.50    
  9        2810288      1        2        7028         2.39   2        0        4221        3514.00     0.00        3514.00    
  10       2823338      1        1        4204         1.43   1        0        4204        4204.00     0.00        4204.00    
  11       2025519      1        1        4190         1.42   1        0        4190        4190.00     0.00        4190.00    
  12       2103158      1        6        10410        3.54   3        0        4188        3470.00     0.00        3470.00    
  13       2018283      1        5        4159         1.41   1        0        4159        4159.00     0.00        4159.00    
  14       2102190      1        5        6981         2.37   2        0        4084        3490.50     0.00        3490.50    
  15       2014958      1        1        7045         2.39   2        0        4074        3522.50     0.00        3522.50    
  16       2018281      1        4        3977         1.35   1        0        3977        3977.00     0.00        3977.00    
  17       2810451      1        5        6627         2.25   2        0        3890        3313.50     0.00        3313.50    
  18       2008304      1        3        6378         2.17   2        0        3784        3189.00     0.00        3189.00    
  19       2808772      1        1        3778         1.28   1        0        3778        3778.00     0.00        3778.00    
  20       2022132      1        1        6578         2.24   2        0        3763        3289.00     0.00        3289.00    
  21       2013479      1        5        3735         1.27   1        0        3735        3735.00     0.00        3735.00    
  22       2102523      1        8        3721         1.26   1        0        3721        3721.00     0.00        3721.00    
  23       2807546      1        6        3674         1.25   1        0        3674        3674.00     0.00        3674.00    
  24       2008309      1        3        6715         2.28   2        0        3603        3357.50     0.00        3357.50    
  25       2100327      1        10       3588         1.22   1        0        3588        3588.00     0.00        3588.00    
  26       2022547      1        1        6784         2.31   2        0        3582        3392.00     0.00        3392.00    
  27       2102523      1        8        3525         1.20   1        0        3525        3525.00     0.00        3525.00    
  28       2823335      1        1        6301         2.14   2        0        3503        3150.50     0.00        3150.50    
  29       2819805      1        3        3466         1.18   1        0        3466        3466.00     0.00        3466.00    
  30       2014956      1        1        6573         2.23   2        0        3448        3286.50     0.00        3286.50    
  31       2024778      1        1        6282         2.14   2        0        3442        3141.00     0.00        3141.00    
  32       2103238      1        4        3442         1.17   1        0        3442        3442.00     0.00        3442.00    
  33       2021976      1        2        3392         1.15   1        0        3392        3392.00     0.00        3392.00    
  34       2014386      1        2        16806        5.71   6        0        3360        2801.00     0.00        2801.00    
  35       2001972      1        20       3360         1.14   1        0        3360        3360.00     0.00        3360.00    
  36       2823337      1        2        3357         1.14   1        0        3357        3357.00     0.00        3357.00    
  37       2008298      1        3        3315         1.13   1        0        3315        3315.00     0.00        3315.00    
  38       2103159      1        4        3308         1.12   1        0        3308        3308.00     0.00        3308.00    
  39       2828876      1        1        8526         2.90   3        0        3282        2842.00     0.00        2842.00    
  40       2008297      1        5        3241         1.10   1        0        3241        3241.00     0.00        3241.00    
  41       2823336      1        1        3211         1.09   1        0        3211        3211.00     0.00        3211.00    
  42       2024777      1        2        6275         2.13   2        0        3208        3137.50     0.00        3137.50    
  43       2008306      1        3        5830         1.98   2        0        3203        2915.00     0.00        2915.00    
  44       2828748      1        2        3197         1.09   1        0        3197        3197.00     0.00        3197.00    
  45       2828877      1        1        3164         1.08   1        0        3164        3164.00     0.00        3164.00    
  46       2008299      1        4        6217         2.11   2        0        3156        3108.50     0.00        3108.50    
  47       2802987      1        5        3135         1.07   1        0        3135        3135.00     0.00        3135.00    
  48       2024773      1        2        5898         2.00   2        0        3067        2949.00     0.00        2949.00    
  49       2810290      1        7        2999         1.02   1        0        2999        2999.00     0.00        2999.00    
  50       2003089      1        4        2968         1.01   1        0        2968        2968.00     0.00        2968.00    
  51       2014384      1        8        5532         1.88   2        0        2942        2766.00     0.00        2766.00    
  52       2021978      1        6        2708         0.92   1        0        2708        2708.00     0.00        2708.00    
  53       2811121      1        2        2627         0.89   1        0        2627        2627.00     0.00        2627.00    
  54       2804982      1        2        2610         0.89   1        0        2610        2610.00     0.00        2610.00    
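Every row in the rule-profile table above has Matches = 0 and the keyword_perf.log below is empty, so none of the 39585 loaded rules fired on this pcap; the table only shows which rules cost the most ticks to reject. It is also sorted by max ticks, not total ticks, and the same SID (2102523, rows 22 and 27) appears twice. The following parser is an added example written for this page, not code from Suricata or IDSDeathBlossom. It reads an excerpt of the table above (rows 1 to 8, 22 and 27, copied from this page) and answers the questions a rule tuner actually asks: which rules would have alerted, which cost the most once duplicate SIDs are combined, and whether any line is internally inconsistent (Avg Ticks must equal Ticks / Checks, so a mangled line shows up immediately).

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set

# Input: rows 1-8, 22 and 27 of the rule-profile table shown above, copied
# from this page (the Num column is Suricata's own numbering).
RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 5/21/2019 -- 15:55:47. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2017935      1        3        10182        3.46   2        0        6712        5091.00     0.00        5091.00
  2        2806561      1        5        5144         1.75   1        0        5144        5144.00     0.00        5144.00
  3        2815451      1        2        7376         2.51   2        0        4652        3688.00     0.00        3688.00
  4        2001330      1        8        11857        4.03   3        0        4629        3952.33     0.00        3952.33
  5        2009387      1        4        12854        4.37   3        0        4599        4284.67     0.00        4284.67
  6        2012139      1        8        4549         1.55   1        0        4549        4549.00     0.00        4549.00
  7        2014385      1        5        4419         1.50   1        0        4419        4419.00     0.00        4419.00
  8        2823966      1        1        7007         2.38   2        0        4331        3503.50     0.00        3503.50
  22       2102523      1        8        3721         1.26   1        0        3721        3721.00     0.00        3721.00
  27       2102523      1        8        3525         1.20   1        0        3525        3525.00     0.00        3525.00
"""


@dataclass(frozen=True)
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float


# Twelve whitespace-separated numeric columns; header, Date and separator
# lines contain letters or only dashes and therefore never match.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)"
    r"\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


def parse_rule_perf(text: str) -> List[RuleProfile]:
    """Parse a Suricata rule-profile dump into one RuleProfile per row."""
    rows: List[RuleProfile] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleProfile(int(f[0]), int(f[1]), int(f[2]), int(f[3]),
                                int(f[4]), float(f[5]), int(f[6]), int(f[7]),
                                int(f[8]), float(f[9]), float(f[10]), float(f[11])))
    return rows


def ticks_by_sid(rows: List[RuleProfile]) -> Dict[int, int]:
    """Total ticks per SID, summing rows that list the same SID more than once."""
    total: Dict[int, int] = {}
    for r in rows:
        total[r.sid] = total.get(r.sid, 0) + r.ticks
    return total


def top_by_ticks(rows: List[RuleProfile], n: int = 5) -> List[int]:
    """SIDs ranked by total cost, not by the dump's max-ticks ordering."""
    t = ticks_by_sid(rows)
    return sorted(t, key=lambda sid: t[sid], reverse=True)[:n]


def matched_sids(rows: List[RuleProfile]) -> List[int]:
    """Rules with Matches > 0 are the ones that produced alerts."""
    return [r.sid for r in rows if r.matches > 0]


def duplicated_sids(rows: List[RuleProfile]) -> Set[int]:
    """SIDs that occur on more than one row; rank them only after combining."""
    return {sid for sid, k in Counter(r.sid for r in rows).items() if k > 1}


def inconsistent_rows(rows: List[RuleProfile], tol: float = 0.01) -> List[int]:
    """Row numbers where Avg Ticks != Ticks / Checks (a mangled or edited line)."""
    return [r.num for r in rows if r.checks and abs(r.ticks / r.checks - r.avg_ticks) > tol]


if __name__ == "__main__":
    rows = parse_rule_perf(RULE_PERF)
    print("rows parsed:     ", len(rows))
    print("alerting sids:   ", matched_sids(rows))
    print("duplicate sids:  ", duplicated_sids(rows))
    print("top 3 by ticks:  ", top_by_ticks(rows, 3))
    print("inconsistent:    ", inconsistent_rows(rows))
```

On the excerpt this reports no alerting rules, SID 2102523 as a duplicate, and 2009387, 2001330 and 2017935 as the three most expensive rules by total ticks, a different order from the max-ticks sort the file uses. Fed the full 54-row table it does the same job, and the inconsistency check guards against trusting a row that was cut or reflowed in transit.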


keyword_perf.log (706 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/21/2019 -- 15:55:47
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 


suricata-report-2019-05-21-T-15-55-47-05212019.1555-poc.pcap.txt (17638 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/93ce2f6858d53ba580c99bc250c4b6a156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05212019.1555-poc.pcap -vvv -k none
elapsedtime:26.054137
stderr:
stdout:
21/5/2019 -- 15:55:21 - <Info> - Configuration node 'rule-files' redefined.
21/5/2019 -- 15:55:21 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/5/2019 -- 15:55:21 - <Info> - CPUs/cores online: 1
21/5/2019 -- 15:55:21 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33636 and 'request-body-inspect-window' set to 16265 after randomization.
21/5/2019 -- 15:55:21 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34277 and 'response-body-inspect-window' set to 17041 after randomization.
21/5/2019 -- 15:55:21 - <Config> - DNS request flood protection level: 500
21/5/2019 -- 15:55:21 - <Config> - DNS per flow memcap (state-memcap): 524288
21/5/2019 -- 15:55:21 - <Config> - DNS global memcap: 16777216
21/5/2019 -- 15:55:21 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/5/2019 -- 15:55:21 - <Config> - preallocated 1000 hosts of size 136
21/5/2019 -- 15:55:21 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/5/2019 -- 15:55:21 - <Config> - using magic-file /usr/share/file/magic
21/5/2019 -- 15:55:21 - <Config> - Core dump size is unlimited.
21/5/2019 -- 15:55:21 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/5/2019 -- 15:55:21 - <Config> - preallocated 1000 defrag trackers of size 168
21/5/2019 -- 15:55:21 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/5/2019 -- 15:55:21 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/5/2019 -- 15:55:21 - <Config> - stream "memcap": 33554432
21/5/2019 -- 15:55:21 - <Config> - stream "midstream" session pickups: disabled
21/5/2019 -- 15:55:21 - <Config> - stream "async-oneside": disabled
21/5/2019 -- 15:55:21 - <Config> - stream "checksum-validation": disabled
21/5/2019 -- 15:55:21 - <Config> - stream."inline": disabled
21/5/2019 -- 15:55:21 - <Config> - stream "bypass": disabled
21/5/2019 -- 15:55:21 - <Config> - stream "max-synack-queued": 5
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly "memcap": 134217728
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly "depth": 0
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly "toserver-chunk-size": 2675
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly "toclient-chunk-size": 2493
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly.raw: enabled
21/5/2019 -- 15:55:21 - <Config> - stream.reassembly "segment-prealloc": 2048
21/5/2019 -- 15:55:21 - <Config> - Delayed detect disabled
21/5/2019 -- 15:55:21 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/5/2019 -- 15:55:21 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/5/2019 -- 15:55:21 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/5/2019 -- 15:55:21 - <Config> - prefilter engines: MPM
21/5/2019 -- 15:55:21 - <Config> - IP reputation disabled
21/5/2019 -- 15:55:21 - <Perf> - Registered 148 keyword profiling counters.
21/5/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
21/5/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
21/5/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
21/5/2019 -- 15:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
21/5/2019 -- 15:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
21/5/2019 -- 15:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
21/5/2019 -- 15:55:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
21/5/2019 -- 15:55:27 - <Config> - No rules loaded from ET-icmp.rules.
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
21/5/2019 -- 15:55:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
21/5/2019 -- 15:55:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
21/5/2019 -- 15:55:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
21/5/2019 -- 15:55:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
21/5/2019 -- 15:55:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
21/5/2019 -- 15:55:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
21/5/2019 -- 15:55:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
21/5/2019 -- 15:55:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
21/5/2019 -- 15:55:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
21/5/2019 -- 15:55:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
21/5/2019 -- 15:55:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
21/5/2019 -- 15:55:34 - <Config> - No rules loaded from local.rules.
21/5/2019 -- 15:55:34 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
21/5/2019 -- 15:55:34 - <Info> - Threshold config parsed: 0 rule(s) found
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tcp-packet
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tcp-stream
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for udp-packet
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for other-ip
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_uri
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_client_body
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_accept
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_accept_enc
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_accept_lang
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_referer
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_connection
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_method
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_raw_uri
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_user_agent
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_host
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_raw_host
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_stat_msg
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_stat_code
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for dns_query
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tls_sni
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 15:55:35 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 15:55:35 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
21/5/2019 -- 15:55:35 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/5/2019 -- 15:55:35 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
21/5/2019 -- 15:55:35 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
21/5/2019 -- 15:55:35 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
21/5/2019 -- 15:55:35 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
21/5/2019 -- 15:55:35 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
21/5/2019 -- 15:55:35 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/5/2019 -- 15:55:43 - <Perf> - Unique rule groups: 104
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toserver TCP packet": 35
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toclient TCP packet": 17
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toserver TCP stream": 33
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toclient TCP stream": 19
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toserver UDP packet": 27
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "toclient UDP packet": 17
21/5/2019 -- 15:55:43 - <Perf> - Builtin MPM "other IP packet": 3
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_uri": 14
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_header": 10
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_header": 6
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_header_names": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_protocol": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_start": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_method": 5
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver http_host": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver tls_sni": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toserver file_data": 1
21/5/2019 -- 15:55:43 - <Perf> - AppLayer MPM "toclient file_data": 7
21/5/2019 -- 15:55:46 - <Perf> - Registered 39590 rule profiling counters.
21/5/2019 -- 15:55:46 - <Info> - fast output device (regular) initialized: alert
21/5/2019 -- 15:55:46 - <Info> - eve-log output device (regular) initialized: eve.json
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'alert'
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'http'
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'dns'
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'tls'
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'files'
21/5/2019 -- 15:55:46 - <Config> - enabling 'eve-log' module 'ssh'
21/5/2019 -- 15:55:46 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/5/2019 -- 15:55:46 - <Info> - stats output device (regular) initialized: stats.log
21/5/2019 -- 15:55:46 - <Config> - AutoFP mode using "Hash" flow load balancer
21/5/2019 -- 15:55:46 - <Info> - reading pcap file /var/pcap/05212019.1555-poc.pcap
21/5/2019 -- 15:55:46 - <Config> - using 1 flow manager threads
21/5/2019 -- 15:55:46 - <Config> - usin

This file has been truncated.


IDSDeathBlossom.py.log (1143 bytes)
2019-05-21 15:55:20,501 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-21 15:55:21,261 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-21 15:55:21,261 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-21 15:55:21,262 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-21 15:55:21,262 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-21 15:55:21,262 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/93ce2f6858d53ba580c99bc250c4b6a156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05212019.1555-poc.pcap -vvv -k none
2019-05-21 15:55:47,318 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-21 15:55:47,319 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.8326070309