Filename: network (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.3811721802 seconds
Hash: 963155fedaeede94eee65e2339347ae6 (first 32 hex digits only; the full 64-hex, 256-bit digest is the output directory name in the lastcmd line below and is what you need to verify the pcap)
Uploaded: 1569321944 (Unix epoch, 2019-09-24 10:45:44 UTC)

Logfiles


suricata-report-2019-09-24-T-10-46-11-09242019.1045-network_1.pcap.txt - (17766 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/963155fedaeede94eee65e2339347ae656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09242019.1045-network_1.pcap -vvv -k none
elapsedtime:26.354415
stderr:
stdout:
24/9/2019 -- 10:45:45 - <Info> - Configuration node 'rule-files' redefined.
24/9/2019 -- 10:45:45 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/9/2019 -- 10:45:45 - <Info> - CPUs/cores online: 1
24/9/2019 -- 10:45:45 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33230 and 'request-body-inspect-window' set to 16346 after randomization.
24/9/2019 -- 10:45:45 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32211 and 'response-body-inspect-window' set to 16310 after randomization.
24/9/2019 -- 10:45:45 - <Config> - DNS request flood protection level: 500
24/9/2019 -- 10:45:45 - <Config> - DNS per flow memcap (state-memcap): 524288
24/9/2019 -- 10:45:45 - <Config> - DNS global memcap: 16777216
24/9/2019 -- 10:45:45 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/9/2019 -- 10:45:45 - <Config> - preallocated 1000 hosts of size 136
24/9/2019 -- 10:45:45 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/9/2019 -- 10:45:45 - <Config> - using magic-file /usr/share/file/magic
24/9/2019 -- 10:45:45 - <Config> - Core dump size is unlimited.
24/9/2019 -- 10:45:45 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/9/2019 -- 10:45:45 - <Config> - preallocated 1000 defrag trackers of size 168
24/9/2019 -- 10:45:45 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/9/2019 -- 10:45:45 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/9/2019 -- 10:45:45 - <Config> - stream "memcap": 33554432
24/9/2019 -- 10:45:45 - <Config> - stream "midstream" session pickups: disabled
24/9/2019 -- 10:45:45 - <Config> - stream "async-oneside": disabled
24/9/2019 -- 10:45:45 - <Config> - stream "checksum-validation": disabled
24/9/2019 -- 10:45:45 - <Config> - stream."inline": disabled
24/9/2019 -- 10:45:45 - <Config> - stream "bypass": disabled
24/9/2019 -- 10:45:45 - <Config> - stream "max-synack-queued": 5
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly "memcap": 134217728
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly "depth": 0
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly "toserver-chunk-size": 2551
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly "toclient-chunk-size": 2495
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly.raw: enabled
24/9/2019 -- 10:45:45 - <Config> - stream.reassembly "segment-prealloc": 2048
24/9/2019 -- 10:45:45 - <Config> - Delayed detect disabled
24/9/2019 -- 10:45:45 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/9/2019 -- 10:45:45 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/9/2019 -- 10:45:45 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/9/2019 -- 10:45:45 - <Config> - prefilter engines: MPM
24/9/2019 -- 10:45:45 - <Config> - IP reputation disabled
24/9/2019 -- 10:45:45 - <Perf> - Registered 148 keyword profiling counters.
24/9/2019 -- 10:45:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
24/9/2019 -- 10:45:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
24/9/2019 -- 10:45:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/9/2019 -- 10:45:50 - <Config> - No rules loaded from ET-icmp.rules.
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
24/9/2019 -- 10:45:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
24/9/2019 -- 10:45:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
24/9/2019 -- 10:45:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
24/9/2019 -- 10:45:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
24/9/2019 -- 10:45:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
24/9/2019 -- 10:45:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
24/9/2019 -- 10:45:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
24/9/2019 -- 10:45:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
24/9/2019 -- 10:45:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
24/9/2019 -- 10:45:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
24/9/2019 -- 10:45:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/9/2019 -- 10:45:58 - <Config> - No rules loaded from local.rules.
24/9/2019 -- 10:45:58 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/9/2019 -- 10:45:58 - <Info> - Threshold config parsed: 0 rule(s) found
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tcp-packet
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tcp-stream
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for udp-packet
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for other-ip
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_uri
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_request_line
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_client_body
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_response_line
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_header
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_header
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_header_names
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_header_names
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_accept
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_accept_enc
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_accept_lang
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_referer
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_connection
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_content_len
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_content_len
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_content_type
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_content_type
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_protocol
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_protocol
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_start
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_start
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_raw_header
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_raw_header
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_method
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_cookie
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_cookie
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_raw_uri
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_user_agent
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_host
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_raw_host
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_stat_msg
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_stat_code
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for dns_query
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tls_sni
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for dce_stub_data
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for dce_stub_data
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for ssh_protocol
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for ssh_protocol
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for ssh_software
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for ssh_software
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for file_data
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for file_data
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_request_line
24/9/2019 -- 10:45:59 - <Perf> - using shared mpm ctx' for http_response_line
24/9/2019 -- 10:45:59 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
24/9/2019 -- 10:45:59 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/9/2019 -- 10:45:59 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
24/9/2019 -- 10:45:59 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
24/9/2019 -- 10:45:59 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
24/9/2019 -- 10:45:59 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
24/9/2019 -- 10:45:59 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
24/9/2019 -- 10:45:59 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/9/2019 -- 10:46:06 - <Perf> - Unique rule groups: 104
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toserver TCP packet": 35
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toclient TCP packet": 17
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toserver TCP stream": 33
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toclient TCP stream": 19
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toserver UDP packet": 27
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "toclient UDP packet": 17
24/9/2019 -- 10:46:06 - <Perf> - Builtin MPM "other IP packet": 3
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_uri": 14
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_header": 10
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_header": 6
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_header_names": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_protocol": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_start": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_method": 5
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver http_host": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver tls_sni": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toserver file_data": 1
24/9/2019 -- 10:46:06 - <Perf> - AppLayer MPM "toclient file_data": 7
24/9/2019 -- 10:46:09 - <Perf> - Registered 39590 rule profiling counters.
24/9/2019 -- 10:46:09 - <Info> - fast output device (regular) initialized: alert
24/9/2019 -- 10:46:09 - <Info> - eve-log output device (regular) initialized: eve.json
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'alert'
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'http'
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'dns'
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'tls'
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'files'
24/9/2019 -- 10:46:09 - <Config> - enabling 'eve-log' module 'ssh'
24/9/2019 -- 10:46:09 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/9/2019 -- 10:46:09 - <Info> - stats output device (regular) initialized: stats.log
24/9/2019 -- 10:46:09 - <Config> - AutoFP mode using "Hash" flow load balancer
24/9/2019 -- 10:46:09 - <Info> - reading pcap file /var/pcap/09242019.1045-network_1.pcap
24/9/2019 -- 10:46:09 - <Config> - using 1 flow manager threads
24/9/2019 -- 10:46:09 - <Co

This file has been truncated.
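The run above initialised eve.json with the alert, http, dns, tls, files and ssh modules enabled, and the logger stats in packet_stats.log count 9 alerts alongside 8 HTTP, 35 DNS, 1 TLS and 7 file records. An alert record carries only the signature and the 5-tuple; the hostname, URI, SNI or file type that tells you whether the alert matters lives in separate records that share the same flow_id. The following Python is an added example, not part of this report or of Suricata, that reads eve.json as NDJSON and joins each alert to the protocol records of its flow. The EVE records embedded in it are constructed to illustrate the Suricata 4.x field names and are not taken from this capture; the signature ids and addresses in them are placeholders.

```python
"""Join Suricata EVE alerts to the http/dns/tls/fileinfo records of the same flow_id.

Added example, not part of the report or of Suricata. Sample records below are
constructed (placeholder sids, documentation IP ranges), not from the capture.
"""
import json
from collections import defaultdict
from typing import Dict, List

# Constructed NDJSON in the Suricata 4.x EVE layout. Flow 2002 is an HTTP download
# with an alert and a fileinfo record; flow 3003 is TLS with an alert; flow 1001 is
# a DNS query with no alert and therefore never appears in the triage output.
SAMPLE_EVE = """\
{"timestamp":"2019-09-24T10:46:10.000001+0000","flow_id":1001,"event_type":"dns","src_ip":"10.0.0.5","src_port":53211,"dest_ip":"10.0.0.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7,"rrname":"example-update.test","rrtype":"A"}}
{"timestamp":"2019-09-24T10:46:10.000002+0000","flow_id":2002,"event_type":"http","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","http":{"hostname":"example-update.test","url":"/a.php?x=1","http_user_agent":"Mozilla/4.0","http_method":"GET","status":200,"length":512}}
{"timestamp":"2019-09-24T10:46:10.000003+0000","flow_id":2002,"event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000001,"rev":1,"signature":"CONSTRUCTED Example HTTP alert","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-24T10:46:10.000004+0000","flow_id":2002,"event_type":"fileinfo","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"203.0.113.9","dest_port":80,"proto":"TCP","fileinfo":{"filename":"/a.php","magic":"PE32 executable","size":512,"state":"CLOSED","stored":false}}
{"timestamp":"2019-09-24T10:46:10.000005+0000","flow_id":3003,"event_type":"tls","src_ip":"10.0.0.5","src_port":49153,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","tls":{"subject":"CN=www.example.test","issuerdn":"CN=Example CA","sni":"www.example.test","version":"TLS 1.2"}}
{"timestamp":"2019-09-24T10:46:10.000006+0000","flow_id":3003,"event_type":"alert","src_ip":"10.0.0.5","src_port":49153,"dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000002,"rev":1,"signature":"CONSTRUCTED Example TLS alert","category":"Potentially Bad Traffic","severity":2}}
"""


def load_eve(text: str) -> List[dict]:
    """Parse NDJSON; a half-written trailing line (normal for a live eve.json) is skipped."""
    records: List[dict] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def triage_alerts(records: List[dict]) -> List[dict]:
    """Return alerts sorted by severity (1 = highest) with same-flow protocol context."""
    by_flow: Dict[int, List[dict]] = defaultdict(list)
    for r in records:
        if r.get("event_type") != "alert" and "flow_id" in r:
            by_flow[r["flow_id"]].append(r)

    out: List[dict] = []
    for r in records:
        if r.get("event_type") != "alert":
            continue
        a = r["alert"]
        ctx: Dict[str, object] = {}
        for c in by_flow.get(r.get("flow_id"), []):
            et = c["event_type"]
            if et == "http":
                h = c["http"]
                ctx["http"] = f'{h.get("http_method", "?")} {h.get("hostname", "?")}{h.get("url", "")}'
            elif et == "dns":
                ctx["dns"] = c["dns"].get("rrname")
            elif et == "tls":
                ctx["tls"] = c["tls"].get("sni") or c["tls"].get("subject")
            elif et == "fileinfo":
                ctx.setdefault("files", []).append(c["fileinfo"].get("magic", "?"))
        out.append({
            "sid": a["signature_id"], "rev": a.get("rev"), "severity": a.get("severity"),
            "signature": a["signature"], "category": a.get("category"),
            "src": f'{r["src_ip"]}:{r["src_port"]}', "dest": f'{r["dest_ip"]}:{r["dest_port"]}',
            "proto": r.get("proto"), "context": ctx,
        })
    out.sort(key=lambda x: (x["severity"] if x["severity"] is not None else 99, x["sid"]))
    return out


if __name__ == "__main__":
    # On a real run: triage_alerts(load_eve(open("eve.json").read()))
    for alert in triage_alerts(load_eve(SAMPLE_EVE)):
        print(f'[sev {alert["severity"]}] sid={alert["sid"]} {alert["signature"]} '
              f'{alert["src"]} -> {alert["dest"]} {alert["context"]}')
```

Sorting on the EVE severity field puts ET priority-1 signatures first; the fileinfo join is the quickest way to see that an HTTP alert was a PE download rather than a page view, which is the distinction that decides whether a single "allowed" alert becomes an incident.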


packet_stats.log - (17867 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1           130        376414194      532587048     464199629         60.3b    6.48
 IPv4       6          1990           159290      542738640     433541052        862.7b   92.59
 IPv4      17            57          3706066      354478774     152611021          8.7b    0.93
 IPv6      17             1          5080538        5080538       5080538          5.1m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1           130           115426         384488        136626         17.8m    2.39
TMM_FLOWWORKER              IPv4       6          1990           113660       85931258        298954        594.9m   80.04
TMM_FLOWWORKER              IPv4      17            57           268030       19794830       1212411         69.1m    9.30
TMM_RECEIVEPCAPFILE         IPv4       1           130             4436           5364          4577        595.1k    0.08
TMM_RECEIVEPCAPFILE         IPv4       6          1979             4424       10574832         10151         20.1m    2.70
TMM_RECEIVEPCAPFILE         IPv4      17            57             4430          11694          4882        278.3k    0.04
TMM_DECODEPCAPFILE          IPv4       1           130             4546          23762          5383        699.8k    0.09
TMM_DECODEPCAPFILE          IPv4       6          1979             4552       28975432         19595         38.8m    5.22
TMM_DECODEPCAPFILE          IPv4      17            57             4590          58710          6292        358.7k    0.05
TMM_FLOWWORKER              IPv6      17             1           686098         686098        686098        686.1k    0.09
TMM_RECEIVEPCAPFILE         IPv6      17             1             5054           5054          5054          5.1k    0.00
TMM_DECODEPCAPFILE          IPv6      17             1            20488          20488         20488         20.5k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1            33             4900           7802          6258        206.5k  0.03  
flow                    IPv4       6          1979             4756          77644          7370         14.6m  2.41  
flow                    IPv4      17            57             4766          57966          8524        485.9k  0.08  
stream                  IPv4       6          1990             4546        6524782         11079         22.0m  3.64  
app-layer               IPv4      17            57             4490          63278         22507          1.3m  0.21  
detect                  IPv4       1           130           106190         364188        123658         16.1m  2.65  
detect                  IPv4       6          1990            76888       85435950        249151        495.8m  81.87 
detect                  IPv4      17            57           238264        9067684        787629         44.9m  7.41  
tcp-prune               IPv4       6          1990             4434          33556          4780          9.5m  1.57  
flow                    IPv6      17             1            23342          23342         23342         23.3k  0.00  
app-layer               IPv6      17             1            16818          16818         16818         16.8k  0.00  
detect                  IPv6      17             1           627212         627212        627212        627.2k  0.10  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             8             5498          54424         16916        135.3k  23.04 
tls                     IPv4       6             2             6916           9774          8345         16.7k  2.84  
tls                     IPv4      17             1             9986           9986          9986         10.0k  1.70  
dns                     IPv4      17            50             4654          26032          8504        425.2k  72.41 
Proto detect            IPv4       6             9             4590          18548          9291         83.6k
Proto detect            IPv4      17            52             5210          43492         10164        528.6k
Proto detect            IPv6      17             1             7266           7266          7266          7.3k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             9            15352         145546         60361        543.3k  2.17  
LOGGER_UNIFIED2             IPv4       6             9            21102         476506        105475        949.3k  3.78  
LOGGER_JSON_ALERT           IPv4       6             9            38712         213494         88092        792.8k  3.16  
LOGGER_JSON_DNS             IPv4      17            35            34074       18592718        601556         21.1m  83.93 
LOGGER_JSON_HTTP            IPv4       6             8            41858         175724         83640        669.1k  2.67  
LOGGER_JSON_TLS             IPv4       6             1            88404          88404         88404         88.4k  0.35  
LOGGER_JSON_FILE            IPv4       6             7            97490         188254        141046        987.3k  3.94  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1           130             4912          22022          7452       968.8k  6.23  
payload                           IPv4       6            64             4534         492640         60769         3.9m  25.01 
payload                           IPv4      17            57             5874         460378         42645         2.4m  15.63 
stream                            IPv4       6            64             4444         657878         69416         4.4m  28.56 
http_uri                          IPv4       6             8             5228          54994         26500       212.0k  1.36  
http_request_line                 IPv4       6             8             5228          20192         11849        94.8k  0.61  
http_client_body                  IPv4       6             8             4738          28310          8221        65.8k  0.42  
http_header (request)             IPv4       6             8            38268          96418         74599       596.8k  3.84  
http_header (request trailer)     IPv4       6             8             4490           4556          4531        36.2k  0.23  
http_header_names (request)       IPv4       6             8            12948          32002         23279       186.2k  1.20  
http_accept (request)             IPv4       6             8             4730          48834         10899        87.2k  0.56  
http_referer (request)            IPv4       6             8             4720           5422          5171        41.4k  0.27  
http_content_len (request)        IPv4       6             8             4768           5906          5205        41.6k  0.27  
http_content_type (request)       IPv4       6             8             4746           5536          5110        40.9k  0.26  
http_protocol (request)           IPv4       6             8             4810           9318          7595        60.8k  0.39  
http_start (request)              IPv4       6             8            10466          23130         16462       131.7k  0.85  
http_raw_header (request)         IPv4       6             8            11912          27816         20635       165.1k  1.06  
http_method                       IPv4       6             8             5184          11432          9088        72.7k  0.47  
http_cookie (request)             IPv4       6             8             4810           5756          5294        42.4k  0.27  
http_raw_uri                      IPv4       6             8             5684          18384         10539        84.3k  0.54  
http_user_agent                   IPv4       6             8            14116          64666         32590       260.7k  1.68  
http_host                         IPv4       6             8             7966          19296         14160       113.3k  0.73  
dns_query                         IPv4      17            18             4948          22354         14114       254.1k  1.63  
tls_sni                           IPv4       6             1            10266          10266         10266        10.3k  0.07  
http_response_line                IPv4       6             7            13366          17912         15551       108.9k  0.70  
http_header (response)            IPv4       6             7            67912         114724         89113       623.8k  4.01  
http_header (response trailer)    IPv4       6             7             4500           4766          4590        32.1k  0.21  
http_content_type (response)      IPv4       6             7            10512          18350         15018       105.1k  0.68  
http_raw_header (response)        IPv4       6             9            11500          44548         18558       167.0k  1.07  
http_cookie (response)            IPv4       6             7             5266           6252          5692        39.8k  0.26  
http_stat_code                    IPv4       6             7             5600           6882          6319        44.2k  0.28  
tls_cert_issuer                   IPv4       6             1            18616          18616         18616        18.6k  0.12  
tls_cert_subject                  IPv4       6             1             8914           8914          8914         8.9k  0.06  
tls_cert_serial                   IPv4       6             1            10554          10554         10554        10.6k  0.07  
file_data (http response)         IPv4       6             2             5534           6920          6227        12.5k  0.08  
Total                             IPv4                   534                                         29028        15.5m
payload                           IPv6      17             1            51824          51824         51824        51.8k  0.33  
Total                             IPv6                     1                                         51824        51.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1           130             5168         256614         11852          1.5m  0.29  
PROF_DETECT_IPONLY          IPv4       6          1776             5176         497072         44169         78.4m  14.87 
PROF_DETECT_IPONLY          IPv4      17            38             5570         515214         61312          2.3m  0.44  
PROF_DETECT_RULES           IPv4       1           130             4412          33268          5879        764.3k  0.14  
PROF_DETECT_RULES           IPv4       6          1990             4414       84716548         93244        185.6m  35.17 
PROF_DETECT_RULES           IPv4      17            57           113414        8890036        551573         31.4m  5.96  
PROF_DETECT_STATEFUL_START    IPv4       6            25             8986       23416674       1394380         34.9m  6.61  
PROF_DETECT_STATEFUL_CONT    IPv4       1           130             4394          34214          5116        665.1k  0.13  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1990             4392         566510          5992         11.9m  2.26  
PROF_DETECT_STATEFUL_CONT    IPv4      17            57             4528         194248         12987        740.3k  0.14  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            58             4458           6482          4762        276.2k  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            50             4466           7670          4855        242.8k  0.05  
PROF_DETECT_PREFILTER       IPv4       1           130            32456          80756         37533          4.9m  0.92  
PROF_DETECT_PREFILTER       IPv4       6          1990            13416       14249062         30350         60.4m  11.45 
PROF_DETECT_PREFILTER       IPv4      17            57            46980         534568        102629          5.8m  1.11  
PROF_DETECT_PF_PAYLOAD      IPv4       1           130            13762          41666         17668          2.3m  0.44  
PROF_DETECT_PF_PAYLOAD      IPv4       6            64            24210         918406        150489          9.6m  1.83  
PROF_DETECT_PF_PAYLOAD      IPv4      17            57            15010         469724         52942          3.0m  0.57  
PROF_DETECT_PF_TX           IPv4       6            58             4456         442694         83587          4.8m  0.92  
PROF_DETECT_PF_TX           IPv4      17            33             4462          32768         15191        501.3k  0.10  
PROF_DETECT_PF_SORT1        IPv4       1             1             5132           5132          5132          5.1k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6            51             4438          68474          7185        366.5k  0.07  
PROF_DETECT_PF_SORT1        IPv4      17            57             4656          22684          5987        341.3k  0.06  
PROF_DETECT_PF_SORT2        IPv4       1           130             4402          21374          4774        620.7k  0.12  
PROF_DETECT_PF_SORT2        IPv4       6          1990             4400       14239144         12070         24.0m  4.55  
PROF_DETECT_PF_SORT2        IPv4      17            57             4486           8464          5404        308.1k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       1           130             4422          20686          4910        638.4k  0.12  
PROF_DETECT_NONMPMLIST      IPv4       6          1990             4412        7514490          9204         18.3m  3.47  
PROF_DETECT_NONMPMLIST      IPv4      17            57             4492           6824          5120        291.9k  0.06  
PROF_DETECT_ALERT           IPv4       1           130             4416          21134          4669        607.0k  0.12  
PROF_DETECT_ALERT           IPv4       6          1990             4412         113926          4823          9.6m  1.82  
PROF_DETECT_ALERT           IPv4      17            57             4434          20614          5006        285.4k  0.05  
PROF_DETECT_CLEANUP         IPv4       1           130             4408          17050          4609        599.3k  0.11  
PROF_DETECT_CLEANUP         IPv4       6          1990             4454          35080          5019         10.0m  1.89  
PROF_DETECT_CLEANUP         IPv4      17            57             4444          20986          5617        320.2k  0.06  
PROF_DETECT_GETSGH          IPv4       1           130             4446          20540          5059        657.7k  0.12  
PROF_DETECT_GETSGH          IPv4       6          1990             4420         226166          9639         19.2m  3

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-09-24-T-10-46-11-09242019.1045-network_1.pcap.txt - (137686 bytes)
  --------------------------------------------------------------------------
  Date: 9/24/2019 -- 10:46:11. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020388      1        8        21111162     12.15  5        0        20904328    4222232.40  0.00        4222232.40 
  2        2014702      1        9        9324748      5.36   50       0        8506390     186494.96   0.00        186494.96  
  3        2020661      1        3        7741176      4.45   4        0        7659184     1935294.00  0.00        1935294.00 
  4        2822606      1        3        5467048      3.15   1        0        5467048     5467048.00  0.00        5467048.00 
  5        2022543      1        1        5689076      3.27   15       0        5322316     379271.73   0.00        379271.73  
  6        2022198      1        2        540244       0.31   1        0        540244      540244.00   0.00        540244.00  
  7        2024792      1        2        634124       0.36   2        2        530518      317062.00   317062.00   0.00       
  8        2816356      1        2        896074       0.52   8        0        489734      112009.25   0.00        112009.25  
  9        2018242      1        5        669358       0.39   5        0        486642      133871.60   0.00        133871.60  
  10       2828008      1        2        602594       0.35   8        0        462458      75324.25    0.00        75324.25   
  11       2003657      1        18       601258       0.35   5        0        458410      120251.60   0.00        120251.60  
  12       2819673      1        4        638038       0.37   5        0        458312      127607.60   0.00        127607.60  
  13       2816925      1        3        637162       0.37   5        0        457848      127432.40   0.00        127432.40  
  14       2021701      1        1        874084       0.50   5        0        436928      174816.80   0.00        174816.80  
  15       2016537      1        2        646214       0.37   9        0        435462      71801.56    0.00        71801.56   
  16       2830204      1        1        424838       0.24   1        0        424838      424838.00   0.00        424838.00  
  17       2823788      1        4        583612       0.34   33       0        422822      17685.21    0.00        17685.21   
  18       2021749      1        6        318666       0.18   2        0        312424      159333.00   0.00        159333.00  
  19       2827178      1        1        224822       0.13   1        0        224822      224822.00   0.00        224822.00  
  20       2826160      1        2        224418       0.13   1        0        224418      224418.00   0.00        224418.00  
  21       2025064      1        5        483658       0.28   5        0        208004      96731.60    0.00        96731.60   
  22       2827232      1        2        201996       0.12   1        0        201996      201996.00   0.00        201996.00  
  23       2827502      1        2        198366       0.11   1        0        198366      198366.00   0.00        198366.00  
  24       2827043      1        1        191822       0.11   1        0        191822      191822.00   0.00        191822.00  
  25       2018358      1        7        713944       0.41   5        0        191484      142788.80   0.00        142788.80  
  26       2827788      1        1        189574       0.11   1        0        189574      189574.00   0.00        189574.00  
  27       2827044      1        1        184038       0.11   1        0        184038      184038.00   0.00        184038.00  
  28       2827934      1        1        179056       0.10   1        0        179056      179056.00   0.00        179056.00  
  29       2823324      1        1        177390       0.10   1        0        177390      177390.00   0.00        177390.00  
  30       2829012      1        1        176732       0.10   1        0        176732      176732.00   0.00        176732.00  
  31       2827179      1        1        176054       0.10   1        0        176054      176054.00   0.00        176054.00  
  32       2816909      1        2        542688       0.31   5        0        175116      108537.60   0.00        108537.60  
  33       2826501      1        2        174070       0.10   1        0        174070      174070.00   0.00        174070.00  
  34       2827653      1        1        168144       0.10   1        0        168144      168144.00   0.00        168144.00  
  35       2827519      1        2        164992       0.09   1        0        164992      164992.00   0.00        164992.00  
  36       2827038      1        1        163312       0.09   1        0        163312      163312.00   0.00        163312.00  
  37       2827175      1        1        162278       0.09   1        0        162278      162278.00   0.00        162278.00  
  38       2827174      1        1        160056       0.09   1        0        160056      160056.00   0.00        160056.00  
  39       2018005      1        6        185560       0.11   3        0        159768      61853.33    0.00        61853.33   
  40       2827234      1        1        158660       0.09   1        0        158660      158660.00   0.00        158660.00  
  41       2828012      1        1        158640       0.09   1        0        158640      158640.00   0.00        158640.00  
  42       2827943      1        1        158194       0.09   1        0        158194      158194.00   0.00        158194.00  
  43       2816330      1        2        428124       0.25   4        0        156924      107031.00   0.00        107031.00  
  44       2814978      1        2        163242       0.09   3        0        153684      54414.00    0.00        54414.00   
  45       2828178      1        1        152260       0.09   1        0        152260      152260.00   0.00        152260.00  
  46       2816940      1        2        550362       0.32   5        0        150900      110072.40   0.00        110072.40  
  47       2827781      1        1        150570       0.09   1        0        150570      150570.00   0.00        150570.00  
  48       2025330      1        1        152536       0.09   2        0        147828      76268.00    0.00        76268.00   
  49       2826828      1        1        146564       0.08   1        0        146564      146564.00   0.00        146564.00  
  50       2814979      1        2        157110       0.09   3        0        146070      52370.00    0.00        52370.00   
  51       2827177      1        1        145106       0.08   1        0        145106      145106.00   0.00        145106.00  
  52       2827931      1        1        144624       0.08   1        0        144624      144624.00   0.00        144624.00  
  53       2827360      1        2        144400       0.08   1        0        144400      144400.00   0.00        144400.00  
  54       2824285      1        1        143556       0.08   1        0        143556      143556.00   0.00        143556.00  
  55       2828435      1        1        143266       0.08   1        0        143266      143266.00   0.00        143266.00  
  56       2825496      1        2        142680       0.08   1        0        142680      142680.00   0.00        142680.00  
  57       2828293      1        1        141822       0.08   1        0        141822      141822.00   0.00        141822.00  
  58       2827682      1        2        141274       0.08   1        0        141274      141274.00   0.00        141274.00  
  59       2827866      1        1        141222       0.08   1        0        141222      141222.00   0.00        141222.00  
  60       2827529      1        1        141076       0.08   1        0        141076      141076.00   0.00        141076.00  
  61       2826411      1        2        140986       0.08   1        0        140986      140986.00   0.00        140986.00  
  62       2828910      1        1        140934       0.08   1        0        140934      140934.00   0.00        140934.00  
  63       2827870      1        1        140234       0.08   1        0        140234      140234.00   0.00        140234.00  
  64       2824912      1        1        140066       0.08   1        0        140066      140066.00   0.00        140066.00  
  65       2816530      1        2        373328       0.21   4        0        138232      93332.00    0.00        93332.00   
  66       2825957      1        2        138114       0.08   1        0        138114      138114.00   0.00        138114.00  
  67       2827784      1        1        137912       0.08   1        0        137912      137912.00   0.00        137912.00  
  68       2828035      1        2        137628       0.08   1        0        137628      137628.00   0.00        137628.00  
  69       2828974      1        1        136278       0.08   1        0        136278      136278.00   0.00        136278.00  
  70       2828032      1        2        135276       0.08   1        0        135276      135276.00   0.00        135276.00  
  71       2822759      1        1        134638       0.08   1        0        134638      134638.00   0.00        134638.00  
  72       2828501      1        1        134256       0.08   1        0        134256      134256.00   0.00        134256.00  
  73       2828289      1        1        134242       0.08   1        0        134242      134242.00   0.00        134242.00  
  74       2829363      1        1        133768       0.08   1        0        133768      133768.00   0.00        133768.00  
  75       2827878      1        1        133200       0.08   1        0        133200      133200.00   0.00        133200.00  
  76       2815254      1        7        205738       0.12   2        0        132900      102869.00   0.00        102869.00  
  77       2828499      1        1        132570       0.08   1        0        132570      132570.00   0.00        132570.00  
  78       2824816      1        1        132184       0.08   1        0        132184      132184.00   0.00        132184.00  
  79       2827042      1        1        132096       0.08   1        0        132096      132096.00   0.00        132096.00  
  80       2822623      1        1        131762       0.08   1        0        131762      131762.00   0.00        131762.00  
  81       2827233      1        2        131626       0.08   1        0        131626      131626.00   0.00        131626.00  
  82       2810353      1        5        302772       0.17   4        0        131206      75693.00    0.00        75693.00   
  83       2828172      1        1        130000       0.07   1        0        130000      130000.00   0.00        130000.00  
  84       2828101      1        1        128006       0.07   1        0        128006      128006.00   0.00        128006.00  
  85       2822624      1        1        127580       0.07   1        0        127580      127580.00   0.00        127580.00  
  86       2822814      1        1        126950       0.07   1        0        126950      126950.00   0.00        126950.00  
  87       2825210      1        1        126706       0.07   1        0        126706      126706.00   0.00        126706.00  
  88       2825075      1        1        124994       0.07   1        0        124994      124994.00   0.00        124994.00  
  89       2827792      1        1        124696       0.07   1        0        124696      124696.00   0.00        124696.00  
  90       2827037      1        1        124602       0.07   1        0        124602      124602.00   0.00        124602.00  
  91       2827872      1        1        124492       0.07   1        0        124492      124492.00   0.00        124492.00  
  92       2822604      1        3        124450       0.07   1        0        124450      124450.00   0.00        124450.00  
  93       2827528      1        1        123984       0.07   1        0        123984      123984.00   0.00        123984.00  
  94       2827684      1        1        123566       0.07   1        0        123566      123566.00   0.00        123566.00  
  95       2828019      1        1        123538       0.07   1        0        123538      123538.00   0.00        123538.00  
  96       2826830      1        1        123524       0.07   1        0        123524      123524.00   0.00        123524.00  
  97       2828034      1        2        123406       0.07   1        0        123406      123406.00   0.00        123406.00  
  98       2825567      1        3        128734       0.07   2        0        123372      64367.00    0.00        64367.00   
  99       2824250      1        1        123322       0.07   1        0        123322      123322.00   0.00        123322.00  
  100      2828173      1        1        123244       0.07   1        0        123244      123244.00   0.00        123244.00  
  101      2825212      1        1        123184       0.07   1        0        123184      123184.00   0.00        123184.00  
  102      2827874      1        1        123160       0.07   1        0        123160      123160.00   0.00        123160.00  
  103      2824893      1        1        122858       0.07   1        0        122858      122858.00   0.00        122858.00  
  104      2827500      1        2        122312       0.07   1        0        122312      122312.00   0.00        122312.00  
  105      2827437      1        2        122252       0.07   1        0        122252      122252.00   0.00        122252.00  
  106      2822626      1        1        122234       0.07   1        0        122234      122234.00   0.00        122234.00  
  107      2828296      1        1        122066       0.07   1        0        122066      122066.00   0.00        122066.00  
  108      2827873      1        1        121930       0.07   1        0        121930      121930.00   0.00        121930.00  
  109      2828439      1        1        121700       0.07   1        0        121700      121700.00   0.00        121700.00  
  110      2827176      1        1        121452       0.07   1        0        121452      121452.00   0.00        121452.00  
  111      2827940      1        1        121180       0.07   1        0        121180      121180.00   0.00        121180.00  
  112      2822776      1        1        120862       0.07   1        0        120862      120862.00   0.00        120862.00  
  113      2828014      1        1        120808       0.07   1        0        120808      120808.00   0.00        120808.00  
  114      2822605      1        3        120630       0.07   1        0        120630      120630.00   0.00        120630.00  
  115      2826829      1        1        120484       0.07   1        0        120484      120484.00   0.00        120484.00  
  116      2826164      1        2        120100       0.07   1        0        120100      120100.00   0.00        120100.00  
  117      2829204      1        1        120070       0.07   1        0        120070      120070.00   0.00        120070.00  
  118      2828498      1        1        119950       0.07   1        0        119950      119950.00   0.00        119950.00  
  119      2816895      1        2        119920       0.07   1        0        119920      119920.00   0.00        119920.00  
  120      2825705      1        3        119428       0.07   1        0        119428      119428.00   0.00        119428.00  
  121      2829762      1        1        119362       0.07   1        0        119362      119362.00   0.00        119362.00  
  122      2827526      1        1        119352       0.07   1        0        119352      119352.00   0.00        119352.00  
  123      2826161      1        2        119346       0.07   1        0        119346      119346.00   0.00        119346.00  
  124      2826832      1        1        119302       0.07   1        0        119302      119302.00   0.00        119302.00  
  125      2825276      1        1        1

This file has been truncated.


stats.log - (3686 bytes)
------------------------------------------------------------------------------------
Date: 9/24/2019 -- 10:46:11 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2205
decoder.bytes                              | Total                     | 152825
decoder.ipv4                               | Total                     | 2166
decoder.ipv6                               | Total                     | 1
decoder.ethernet                           | Total                     | 2205
decoder.tcp                                | Total                     | 1979
decoder.udp                                | Total                     | 58
decoder.icmpv4                             | Total                     | 130
decoder.avg_pkt_size                       | Total                     | 69
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1686
flow.udp                                   | Total                     | 22
tcp.sessions                               | Total                     | 1686
tcp.syn                                    | Total                     | 1688
tcp.synack                                 | Total                     | 29
tcp.rst                                    | Total                     | 155
tcp.overlap                                | Total                     | 7
detect.alert                               | Total                     | 11
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 4
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 5
app_layer.tx.http                          | Total                     | 8
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 18
app_layer.tx.dns_udp                       | Total                     | 18
app_layer.flow.failed_udp                  | Total                     | 4
flow_mgr.closed_pruned                     | Total                     | 4
flow_mgr.new_pruned                        | Total                     | 5
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1684
flow_mgr.flows_notimeout                   | Total                     | 1682
flow_mgr.flows_timeout                     | Total                     | 2
flow_mgr.flows_timeout_inuse               | Total                     | 1
flow_mgr.flows_removed                     | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 63868
flow_mgr.rows_empty                        | Total                     | 5
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7563904


eve.json - (29556 bytes)
{"timestamp":"2019-09-24T10:27:17.479590+0000","flow_id":187595305079142,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.240.97","src_port":58831,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-24T10:27:17.490774+0000","flow_id":187595305079142,"pcap_cnt":16,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":58831,"proto":"UDP","dns":{"type":"answer","id":1,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","ttl":20698,"rdata":"dns.google"}}
{"timestamp":"2019-09-24T10:27:17.493406+0000","flow_id":2010478209763166,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.240.97","src_port":58832,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2,"rrname":"aj.0x0x0x0x0.best","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:27:17.502866+0000","flow_id":2010478209763166,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":58832,"proto":"UDP","dns":{"type":"answer","id":2,"rcode":"NOERROR","rrname":"aj.0x0x0x0x0.best","rrtype":"A","ttl":17,"rdata":"185.198.57.213"}}
{"timestamp":"2019-09-24T10:27:20.632435+0000","flow_id":1163768357234291,"pcap_cnt":28,"event_type":"dns","src_ip":"192.168.240.97","src_port":51378,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34928,"rrname":"aj.0x0x0x0x0.best","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:27:18.156143+0000","flow_id":1163768357234291,"pcap_cnt":29,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51378,"proto":"UDP","dns":{"type":"answer","id":34928,"rcode":"NOERROR","rrname":"aj.0x0x0x0x0.best","rrtype":"A","ttl":16,"rdata":"185.198.57.213"}}
{"timestamp":"2019-09-24T10:27:18.459786+0000","flow_id":506741439999960,"pcap_cnt":36,"event_type":"alert","src_ip":"192.168.240.97","src_port":49261,"dest_ip":"185.198.57.213","dest_port":63145,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016879,"rev":4,"signature":"ET POLICY Unsupported\/Fake Windows NT Version 5.0","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-24T10:27:18.459786+0000","flow_id":506741439999960,"pcap_cnt":36,"event_type":"http","src_ip":"192.168.240.97","src_port":49261,"dest_ip":"185.198.57.213","dest_port":63145,"proto":"TCP","tx_id":0,"http":{"hostname":"aj.0x0x0x0x0.best","url":"\/conf.ini","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.0)","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-09-24T10:27:20.499474+0000","flow_id":506741439999960,"pcap_cnt":38,"event_type":"fileinfo","src_ip":"185.198.57.213","src_port":63145,"dest_ip":"192.168.240.97","dest_port":49261,"proto":"TCP","http":{"hostname":"aj.0x0x0x0x0.best","url":"\/conf.ini","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.0)","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":742},"app_proto":"http","fileinfo":{"filename":"\/conf.ini","gaps":false,"state":"CLOSED","stored":false,"size":742,"tx_id":0}}
{"timestamp":"2019-09-24T10:27:20.499568+0000","flow_id":506741439999960,"pcap_cnt":39,"event_type":"alert","src_ip":"192.168.240.97","src_port":49261,"dest_ip":"185.198.57.213","dest_port":63145,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2016879,"rev":4,"signature":"ET POLICY Unsupported\/Fake Windows NT Version 5.0","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-24T10:27:20.499568+0000","flow_id":506741439999960,"pcap_cnt":39,"event_type":"http","src_ip":"192.168.240.97","src_port":49261,"dest_ip":"185.198.57.213","dest_port":63145,"proto":"TCP","tx_id":1,"http":{"hostname":"aj.0x0x0x0x0.best","url":"\/conf.ini","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.0)","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-09-24T10:27:40.243307+0000","flow_id":918130588956267,"pcap_cnt":56,"event_type":"dns","src_ip":"192.168.240.97","src_port":49645,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7738,"rrname":"teredo.ipv6.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:27:40.245009+0000","flow_id":918130588956267,"pcap_cnt":57,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49645,"proto":"UDP","dns":{"type":"answer","id":7738,"rcode":"NXDOMAIN","rrname":"teredo.ipv6.microsoft.com"}}
{"timestamp":"2019-09-24T10:27:40.245009+0000","flow_id":918130588956267,"pcap_cnt":57,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49645,"proto":"UDP","dns":{"type":"answer","id":7738,"rcode":"NXDOMAIN","rrname":"ipv6.microsoft.com","rrtype":"SOA","ttl":1469}}
{"timestamp":"2019-09-24T10:27:52.225030+0000","flow_id":2138120345120518,"pcap_cnt":62,"event_type":"dns","src_ip":"192.168.240.97","src_port":63029,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30522,"rrname":"v4.ipv6-test.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:05.180023+0000","flow_id":772483954622263,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.240.97","src_port":65427,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55221,"rrname":"mi.oops.best","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:02.639408+0000","flow_id":1876062916231600,"pcap_cnt":70,"event_type":"dns","src_ip":"192.168.240.97","src_port":61891,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41546,"rrname":"ifconfig.me","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:07.250427+0000","flow_id":1124933266035259,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.240.97","src_port":61918,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9566,"rrname":"dns.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:07.357178+0000","flow_id":1124933266035259,"pcap_cnt":85,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":61918,"proto":"UDP","dns":{"type":"answer","id":9566,"rcode":"NOERROR","rrname":"dns.msftncsi.com","rrtype":"A","ttl":16,"rdata":"131.107.255.255"}}
{"timestamp":"2019-09-24T10:28:08.602354+0000","flow_id":772483954622263,"pcap_cnt":87,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":65427,"proto":"UDP","dns":{"type":"answer","id":55221,"rcode":"NOERROR","rrname":"mi.oops.best","rrtype":"A","ttl":52,"rdata":"185.147.34.136"}}
{"timestamp":"2019-09-24T10:28:11.756675+0000","flow_id":2179334852555488,"pcap_cnt":91,"event_type":"alert","src_ip":"192.168.240.97","src_port":49264,"dest_ip":"185.147.34.136","dest_port":35789,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024792,"rev":2,"signature":"ET POLICY Cryptocurrency Miner Checkin","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-09-24T10:28:09.226286+0000","flow_id":1876062916231600,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":61891,"proto":"UDP","dns":{"type":"answer","id":41546,"rcode":"NOERROR","rrname":"ifconfig.me","rrtype":"A","ttl":589,"rdata":"216.239.32.21"}}
{"timestamp":"2019-09-24T10:28:09.226286+0000","flow_id":1876062916231600,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":61891,"proto":"UDP","dns":{"type":"answer","id":41546,"rcode":"NOERROR","rrname":"ifconfig.me","rrtype":"A","ttl":589,"rdata":"216.239.34.21"}}
{"timestamp":"2019-09-24T10:28:09.226286+0000","flow_id":1876062916231600,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":61891,"proto":"UDP","dns":{"type":"answer","id":41546,"rcode":"NOERROR","rrname":"ifconfig.me","rrtype":"A","ttl":589,"rdata":"216.239.36.21"}}
{"timestamp":"2019-09-24T10:28:09.226286+0000","flow_id":1876062916231600,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":61891,"proto":"UDP","dns":{"type":"answer","id":41546,"rcode":"NOERROR","rrname":"ifconfig.me","rrtype":"A","ttl":589,"rdata":"216.239.38.21"}}
{"timestamp":"2019-09-24T10:28:09.458164+0000","flow_id":359686058082715,"pcap_cnt":104,"event_type":"tls","src_ip":"192.168.240.97","src_port":49265,"dest_ip":"216.239.32.21","dest_port":443,"proto":"TCP","tls":{"subject":"CN=ifconfig.me","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-09-24T10:28:12.730798+0000","flow_id":506741439999960,"pcap_cnt":111,"event_type":"fileinfo","src_ip":"185.198.57.213","src_port":63145,"dest_ip":"192.168.240.97","dest_port":49261,"proto":"TCP","http":{"hostname":"aj.0x0x0x0x0.best","url":"\/conf.ini","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.0)","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":742},"app_proto":"http","fileinfo":{"filename":"\/conf.ini","gaps":false,"state":"CLOSED","stored":false,"size":742,"tx_id":1}}
{"timestamp":"2019-09-24T10:28:13.187740+0000","flow_id":451916186115420,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.240.97","src_port":51903,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40079,"rrname":"ctldl.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"ctldl.windowsupdate.com","rrtype":"CNAME","ttl":2894,"rdata":"audownload.windowsupdate.nsatc.net"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"audownload.windowsupdate.nsatc.net","rrtype":"CNAME","ttl":571,"rdata":"auto.au.download.windowsupdate.com.c.footprint.net"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":571,"rdata":"8.253.112.249"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":571,"rdata":"67.24.195.254"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":571,"rdata":"8.253.197.107"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":571,"rdata":"8.253.112.218"}}
{"timestamp":"2019-09-24T10:28:13.188442+0000","flow_id":451916186115420,"pcap_cnt":114,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":51903,"proto":"UDP","dns":{"type":"answer","id":40079,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":571,"rdata":"8.253.112.121"}}
{"timestamp":"2019-09-24T10:28:13.288794+0000","flow_id":1803250336341302,"pcap_cnt":127,"event_type":"http","src_ip":"192.168.240.97","src_port":49266,"dest_ip":"8.253.112.249","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ctldl.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/disallowedcertstl.cab?6d5f7ced93cec338","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-09-24T10:28:19.564693+0000","flow_id":565831604084181,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.240.97","src_port":49774,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16391,"rrname":"isrg.trustid.ocsp.identrust.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:19.576247+0000","flow_id":565831604084181,"pcap_cnt":131,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49774,"proto":"UDP","dns":{"type":"answer","id":16391,"rcode":"NOERROR","rrname":"isrg.trustid.ocsp.identrust.com","rrtype":"CNAME","ttl":26,"rdata":"isrg.trustid.ocsp.identrust.com.edgesuite.net"}}
{"timestamp":"2019-09-24T10:28:19.576247+0000","flow_id":565831604084181,"pcap_cnt":131,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49774,"proto":"UDP","dns":{"type":"answer","id":16391,"rcode":"NOERROR","rrname":"isrg.trustid.ocsp.identrust.com.edgesuite.net","rrtype":"CNAME","ttl":2275,"rdata":"a279.dscq.akamai.net"}}
{"timestamp":"2019-09-24T10:28:19.576247+0000","flow_id":565831604084181,"pcap_cnt":131,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49774,"proto":"UDP","dns":{"type":"answer","id":16391,"rcode":"NOERROR","rrname":"a279.dscq.akamai.net","rrtype":"A","ttl":19,"rdata":"23.214.97.106"}}
{"timestamp":"2019-09-24T10:28:19.576247+0000","flow_id":565831604084181,"pcap_cnt":131,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":49774,"proto":"UDP","dns":{"type":"answer","id":16391,"rcode":"NOERROR","rrname":"a279.dscq.akamai.net","rrtype":"A","ttl":19,"rdata":"23.214.97.88"}}
{"timestamp":"2019-09-24T10:28:19.700093+0000","flow_id":814076418797080,"pcap_cnt":140,"event_type":"http","src_ip":"192.168.240.97","src_port":49267,"dest_ip":"23.214.97.106","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"isrg.trustid.ocsp.identrust.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2019-09-24T10:28:19.712875+0000","flow_id":814076418797080,"pcap_cnt":141,"event_type":"fileinfo","src_ip":"23.214.97.106","src_port":80,"dest_ip":"192.168.240.97","dest_port":49267,"proto":"TCP","http":{"hostname":"isrg.trustid.ocsp.identrust.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1398},"app_proto":"http","fileinfo":{"filename":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf\/EFWCFiRACEAoBQUIAAAFThXNqC4Xspwg=","gaps":false,"state":"CLOSED","stored":false,"size":1398,"tx_id":0}}
{"timestamp":"2019-09-24T10:28:19.884063+0000","flow_id":988598119923039,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.240.97","src_port":60034,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35522,"rrname":"200019.ip138.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-24T10:28:19.888752+0000","flow_id":988598119923039,"pcap_cnt":147,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":60034,"proto":"UDP","dns":{"type":"answer","id":35522,"rcode":"NOERROR","rrname":"200019.ip138.com","rrtype":"A","ttl":74,"rdata":"222.187.232.243"}}
{"timestamp":"2019-09-24T10:28:20.396376+0000","flow_id":1774173408201816,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.240.97

This file has been truncated.
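The EVE records above carry the context the alert lines alone do not: the DNS answer that resolved mi.oops.best to 185.147.34.136 arrives three seconds before the "Cryptocurrency Miner Checkin" alert to that address, and the fileinfo record shows conf.ini being fetched from aj.0x0x0x0x0.best with a fake MSIE 6.0 User-Agent. The following Python is an added example, not part of this report and not IDSDeathBlossom or Suricata code, that does that pivot mechanically: it parses EVE JSON line by line, indexes A-record answers by rdata, and annotates each alert with the names that resolved to its destination. The three-record sample is constructed from the records above (trimmed to the fields used); the truncated final record in the report is the reason the parser skips lines that are not valid JSON.

```python
import json
from collections import defaultdict

# Constructed sample: three EVE records from the report above, trimmed to the
# fields this script reads. Real input is the whole eve.json, one object per line.
SAMPLE_EVE = """
{"timestamp":"2019-09-24T10:28:08.602354+0000","flow_id":772483954622263,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.97","dest_port":65427,"proto":"UDP","dns":{"type":"answer","id":55221,"rcode":"NOERROR","rrname":"mi.oops.best","rrtype":"A","ttl":52,"rdata":"185.147.34.136"}}
{"timestamp":"2019-09-24T10:28:11.756675+0000","flow_id":2179334852555488,"event_type":"alert","src_ip":"192.168.240.97","src_port":49264,"dest_ip":"185.147.34.136","dest_port":35789,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024792,"rev":2,"signature":"ET POLICY Cryptocurrency Miner Checkin","category":"Potential Corporate Privacy Violation","severity":1}}
{"timestamp":"2019-09-24T10:28:12.730798+0000","flow_id":506741439999960,"event_type":"fileinfo","src_ip":"185.198.57.213","src_port":63145,"dest_ip":"192.168.240.97","dest_port":49261,"proto":"TCP","http":{"hostname":"aj.0x0x0x0x0.best","url":"/conf.ini","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)","http_method":"GET","status":200,"length":742},"app_proto":"http","fileinfo":{"filename":"/conf.ini","size":742,"stored":false}}
"""


def parse_eve(text):
    """One dict per EVE line. Lines that are not complete JSON are skipped:
    a log cut mid-record (as the report above is) must not abort the run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def build_dns_index(events):
    """Map each A-record rdata (an IP) to [(answer timestamp, rrname), ...]."""
    index = defaultdict(list)
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        d = ev["dns"]
        if d.get("type") == "answer" and d.get("rrtype") == "A" and "rdata" in d:
            index[d["rdata"]].append((ev["timestamp"], d["rrname"]))
    return index


def enrich_alerts(events, dns_index):
    """Each alert, plus the names that resolved to its destination IP."""
    out = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        names = sorted({name for _, name in dns_index.get(ev["dest_ip"], [])})
        out.append({
            "timestamp": ev["timestamp"],
            "sid": ev["alert"]["signature_id"],
            "signature": ev["alert"]["signature"],
            "dst": f'{ev["dest_ip"]}:{ev["dest_port"]}',
            "resolved_from": names,
        })
    return out


def http_downloads(events):
    """(hostname, url, size) for every HTTP object Suricata saw delivered."""
    return [(ev["http"]["hostname"], ev["http"]["url"], ev["fileinfo"]["size"])
            for ev in events
            if ev.get("event_type") == "fileinfo" and "http" in ev]


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    idx = build_dns_index(evs)
    for alert in enrich_alerts(evs, idx):
        print(alert)
    for item in http_downloads(evs):
        print(item)
```

On the records above this prints the miner check-in alert with resolved_from ["mi.oops.best"] and the conf.ini download (742 bytes, not stored by the sensor, since fileinfo shows "stored":false). The same index answers the opposite question, which IPs a suspicious name resolved to, by iterating the values.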


suricata-4.0.0-etpro-all-alert-2019-09-24-T-10-46-11-09242019.1045-network_1.pcap.txt - (2381 bytes)
09/24/2019-10:27:18.459786  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49261 -> 185.198.57.213:63145
09/24/2019-10:27:20.499568  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49261 -> 185.198.57.213:63145
09/24/2019-10:28:11.756675  [**] [1:2024792:2] ET POLICY Cryptocurrency Miner Checkin [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:28:43.094279  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49268 -> 222.187.232.243:80
09/24/2019-10:30:21.792505  [**] [1:2024792:2] ET POLICY Cryptocurrency Miner Checkin [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:21.792505  [**] [1:2826930:3] ETPRO POLICY XMR CoinMiner Usage [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:21.792505  [**] [1:2827869:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-08 3) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:06.586771  [**] [1:2814897:4] ETPRO TROJAN W32.YoungLotus Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49270 -> 185.147.34.136:51888
09/24/2019-10:30:10.296093  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49272 -> 185.198.57.213:63145
09/24/2019-10:30:10.536325  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49272 -> 185.198.57.213:63145
09/24/2019-10:30:45.616443  [**] [1:2814897:4] ETPRO TROJAN W32.YoungLotus Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49275 -> 185.147.34.136:51888
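The fast.log above mixes two things that are worth separating: policy hits on a spoofed "Windows NT 5.0" User-Agent, and trojan-class hits (the XMR Stratum auth line and the W32.YoungLotus check-ins) that all point at one destination, 185.147.34.136. The script below is an added example, not part of this report or of Suricata, that parses fast.log lines into records, groups signatures per destination IP, pulls out the trojan-classified hits, and re-sorts into time order. Sorting matters here because fast.log is written in match order: the three 10:30:21 entries are logged before the 10:30:06 YoungLotus check-in. The eleven sample lines are the ones from the file above, pasted in as a constructed string; the regex tolerates a missing Classification field and port-less ICMP lines, but assumes IPv4 addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the eleven fast.log lines from the alert file above, embedded
# as a constructed string so the script runs offline.
FAST_LOG = """\
09/24/2019-10:27:18.459786  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49261 -> 185.198.57.213:63145
09/24/2019-10:27:20.499568  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49261 -> 185.198.57.213:63145
09/24/2019-10:28:11.756675  [**] [1:2024792:2] ET POLICY Cryptocurrency Miner Checkin [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:28:43.094279  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49268 -> 222.187.232.243:80
09/24/2019-10:30:21.792505  [**] [1:2024792:2] ET POLICY Cryptocurrency Miner Checkin [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:21.792505  [**] [1:2826930:3] ETPRO POLICY XMR CoinMiner Usage [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:21.792505  [**] [1:2827869:1] ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-08 3) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49264 -> 185.147.34.136:35789
09/24/2019-10:30:06.586771  [**] [1:2814897:4] ETPRO TROJAN W32.YoungLotus Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49270 -> 185.147.34.136:51888
09/24/2019-10:30:10.296093  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49272 -> 185.198.57.213:63145
09/24/2019-10:30:10.536325  [**] [1:2016879:4] ET POLICY Unsupported/Fake Windows NT Version 5.0 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.240.97:49272 -> 185.198.57.213:63145
09/24/2019-10:30:45.616443  [**] [1:2814897:4] ETPRO TROJAN W32.YoungLotus Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.97:49275 -> 185.147.34.136:51888
"""

# Suricata fast.log layout: "<ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ..]
# [Priority: n] {PROTO} src:port -> dst:port". Classification is absent for rules
# without a classtype; ports are absent for ICMP. IPv4 only (an IPv6 address
# contains ':' and would need a different split).
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)
TS_FORMAT = "%m/%d/%Y-%H:%M:%S.%f"


def parse_fast_log(text):
    """One dict per alert line; raises on a line the regex does not recognise,
    so a format change is noticed instead of silently dropping alerts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if not m:
            raise ValueError(f"unparsed fast.log line: {line!r}")
        r = m.groupdict()
        r["ts"] = datetime.strptime(r["ts"], TS_FORMAT)
        for key in ("gid", "sid", "rev", "prio"):
            r[key] = int(r[key])
        r["sport"] = int(r["sport"]) if r["sport"] else None
        r["dport"] = int(r["dport"]) if r["dport"] else None
        records.append(r)
    return records


def signatures_by_destination(records):
    """dst ip -> sorted, de-duplicated [(sid, msg), ...] fired towards it."""
    groups = defaultdict(set)
    for r in records:
        groups[r["dst"]].add((r["sid"], r["msg"]))
    return {ip: sorted(sigs) for ip, sigs in groups.items()}


def trojan_hits(records):
    """Alerts Suricata classified as trojan traffic, i.e. the ones to act on first."""
    return [r for r in records if r["cls"] == "A Network Trojan was detected"]


def timeline(records):
    """Records in packet-time order rather than fast.log write order."""
    return sorted(records, key=lambda r: r["ts"])


if __name__ == "__main__":
    recs = parse_fast_log(FAST_LOG)
    for ip, sigs in signatures_by_destination(recs).items():
        print(ip, [sid for sid, _ in sigs])
    for r in timeline(trojan_hits(recs)):
        print(r["ts"], r["sid"], r["msg"], f'{r["dst"]}:{r["dport"]}')
```

Run on the file above, the per-destination view shows 185.147.34.136 serving both the Stratum mining session (sids 2024792, 2826930, 2827869 on port 35789) and the YoungLotus check-ins (sid 2814897 on port 51888), which is the strongest single pivot in this capture.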


unified2.alert.1569321969 - (5475 bytes)
(binary unified2 records: the record headers and the non-text payloads do not survive as text; the printable packet payloads carried in the records are, in file order:)

GET /conf.ini HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: aj.0x0x0x0x0.best:63145
Cache-Control: no-cache

(the same GET /conf.ini request in a second record)

{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"","pass":"x","agent":"XMRig/3.1.1 (Windows NT 6.1) libuv/1.15.0 gcc/9.2.0","algo":["cn/0","cn/1","cn/2","cn/r","cn/wow","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","rx/test","rx/wow","rx/loki"]}}

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 200019.ip138.com
Cache-Control: no-cache

(the same GET / request in three further records)

(the same XMRig login message in three further records)

(a record with a non-text payload, then:)

GET /conf.ini HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: aj.0x0x0x0x0.best:63145
Cache-Control: no-cache

(the same GET /conf.ini request in a second record, followed by records with non-text payloads)
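The readable part of the unified2 payload is the Stratum login the ETPRO "Known Malicious Stratum Authline" rule fired on: one line of JSON-RPC with method "login", an empty "login" field, the XMRig default password "x", the agent string "XMRig/3.1.1 (Windows NT 6.1) ...", and a list of CryptoNight and RandomX algorithms the miner offers. The Python below is an added example, not part of this report and not Suricata's rule logic, showing how to recognise such a login in a raw TCP payload without relying on a fixed string: it splits on newlines (Stratum is newline-delimited JSON-RPC), parses each JSON line, and reports the method, agent, miner family, wallet/login and algorithm list. The XMRig line is the one from the dump above; the HTTP and generic JSON-RPC payloads are constructed negatives, and the miner-name list in MINER_AGENT_RE is an illustrative assumption to be extended locally.

```python
import json
import re

# Constructed sample payloads. XMRIG_LOGIN is the Stratum login line readable in
# the unified2 dump above; HTTP_GET and JSONRPC_OTHER are constructed negatives.
XMRIG_LOGIN = (
    b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"","pass":"x",'
    b'"agent":"XMRig/3.1.1 (Windows NT 6.1) libuv/1.15.0 gcc/9.2.0",'
    b'"algo":["cn/0","cn/1","cn/2","cn/r","cn/wow","cn/fast","cn/half","cn/xao",'
    b'"cn/rto","cn/rwz","cn/zls","cn/double","rx/test","rx/wow","rx/loki"]}}\n'
)
HTTP_GET = (b"GET /conf.ini HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; "
            b"Windows NT 5.0)\r\nHost: aj.0x0x0x0x0.best:63145\r\n\r\n")
JSONRPC_OTHER = b'{"id":7,"jsonrpc":"2.0","method":"getinfo","params":{}}\n'

# "login" is the CryptoNote/XMR Stratum dialect; mining.subscribe/authorize is the
# original Bitcoin-style dialect.
STRATUM_LOGIN_METHODS = {"login", "mining.subscribe", "mining.authorize"}
# Agent prefixes of common miners. Assumption: illustrative list, extend locally.
MINER_AGENT_RE = re.compile(r"^(XMRig|xmr-stak|cpuminer|ccminer|t-rex|lolMiner)\b", re.I)


def find_stratum_login(payload: bytes):
    """Return details of the first Stratum login message in a TCP payload, or
    None. Each newline-delimited chunk is parsed on its own; chunks that are not
    JSON objects (HTTP, binary) are skipped rather than raising."""
    for chunk in payload.split(b"\n"):
        chunk = chunk.strip()
        if not chunk.startswith(b"{"):
            continue
        try:
            msg = json.loads(chunk.decode("utf-8", errors="replace"))
        except json.JSONDecodeError:
            continue
        if not isinstance(msg, dict) or msg.get("method") not in STRATUM_LOGIN_METHODS:
            continue
        method = msg["method"]
        params = msg.get("params")
        agent, wallet, algos = "", None, []
        if method == "login" and isinstance(params, dict):
            agent = str(params.get("agent", ""))
            wallet = params.get("login")          # wallet or pool login; empty here
            algos = [a for a in params.get("algo", []) if isinstance(a, str)]
        elif method == "mining.subscribe" and isinstance(params, list) and params:
            agent = str(params[0])                # ["agent/version", ...]
        elif method == "mining.authorize" and isinstance(params, list) and params:
            wallet = str(params[0])               # "wallet.worker"
        m = MINER_AGENT_RE.match(agent)
        return {
            "method": method,
            "agent": agent,
            "miner": m.group(1) if m else None,
            "wallet": wallet,
            "algos": algos,
            "randomx": any(a.startswith("rx/") for a in algos),
        }
    return None


if __name__ == "__main__":
    for label, payload in (("xmrig", XMRIG_LOGIN), ("http", HTTP_GET), ("rpc", JSONRPC_OTHER)):
        print(label, find_stratum_login(payload))
```

Matching on the protocol structure rather than on the literal agent string is what keeps this working when the miner version changes; the agent and algorithm list are still returned so the analyst can record them as indicators. Note that the login here is empty, so the wallet address that would normally identify the campaign is not available from this capture.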


keyword_perf.log - (12202 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/24/2019 -- 10:46:11
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2861110         416             416             421456          6877.00         6877.00         0.00           
  threshold        131718          5               5               90026           26343.00        26343.00        0.00           
  content          45998798        4332            3093            20797990        10618.00        12663.00        5513.00        
  pcre             34364896        1705            827             5362614         20155.00        18538.00        21678.00       
  byte_test        1162200         216             101             40260           5380.00         5780.00         5028.00        
  byte_jump        19042           2               2               14012           9521.00         9521.00         0.00           
  isdataat         86974           15              0               21038           5798.00         0.00            5798.00        
  flowbits         88944           9               9               34542           9882.00         9882.00         0.00           
  urilen           654250          121             19              34990           5407.00         5115.00         5461.00        
  byte_extract     44818           8               8               13122           5602.00         5602.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2861110         416             416             421456          6877.00         6877.00         0.00           
  flowbits         71830           8               8               34542           8978.00         8978.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20681140        3669            2681            82098           5636.00         5880.00         4973.00        
  pcre             32756456        1608            796             5362614         20370.00        18623.00        22083.00       
  byte_test        1162200         216             101             40260           5380.00         5780.00         5028.00        
  byte_jump        19042           2               2               14012           9521.00         9521.00         0.00           
  isdataat         86974           15              0               21038           5798.00         0.00            5798.00        
  byte_extract     44818           8               8               13122           5602.00         5602.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         17114           1               1               17114           17114.00        17114.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        131718          5               5               90026           26343.00        26343.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          351648          62              11              7532            5671.00         6204.00         5556.00        
  pcre             490636          38              5               64384           12911.00        8570.00         13569.00       
  urilen           654250          121             19              34990           5407.00         5115.00         5461.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          36694           7               0               5630            5242.00         0.00            5242.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23486736        362             286             20797990        64880.00        78914.00        12066.00       
  pcre             1007698         49              16              112164          20565.00        22096.00        19822.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          173786          29              2               7404            5992.00         6255.00         5973.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          63602           11              9               6668            5782.00         6021.00         4705.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          910978          143             95              64470           6370.00         6777.00         5564.00        
  pcre             110106          10              10              28438           11010.00        11010.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6416            1               1               6416            6416.00         6416.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          46238           8               8               6110            5779.00         5779.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          241560          40              0               19816           6039.00         0.00            6039.00        


IDSDeathBlossom.py.log - (1149 bytes)
2019-09-24 10:45:44,270 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-24 10:45:45,052 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-24 10:45:45,053 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-24 10:45:45,053 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-24 10:45:45,053 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-24 10:45:45,053 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/963155fedaeede94eee65e2339347ae656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09242019.1045-network_1.pcap -vvv -k none
2019-09-24 10:46:11,411 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-24 10:46:11,412 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.1514408588