Filename: ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.2087891102 seconds
Hash: 9f2dc75bab0dfc7890488ed36da71eb2
Uploaded: 1553615712 (Unix epoch; 2019-03-26 15:55:12 UTC)

Logfiles


packet_stats.log - (13690 bytes)
Packet profile dump (min/max/avg/tot are CPU ticks; tot is abbreviated with k/m/b; % is the share of the column total):

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          6597          3681959      915797320     652098390       4301.9b   95.27
 IPv4      17            44          3624789      914394422     581036299         25.6b    0.57
 IPv6      17           138          4937191      915832806     853732829        117.8b    2.61
 IPv6      58            79        649255740      915887342     891213429         70.4b    1.56
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          6597            68650        9721644        169247          1.1b   90.45
TMM_FLOWWORKER              IPv4      17            44           118947       15790116        762718         33.6m    2.72
TMM_RECEIVEPCAPFILE         IPv4       6          6595             2531       14022614          5031         33.2m    2.69
TMM_RECEIVEPCAPFILE         IPv4      17            44             2569           3474          2793        122.9k    0.01
TMM_DECODEPCAPFILE          IPv4       6          6595             2645        4548387          3597         23.7m    1.92
TMM_DECODEPCAPFILE          IPv4      17            44             2708          25165          3978        175.0k    0.01
TMM_FLOWWORKER              IPv6      17           138           107908         304195        145213         20.0m    1.62
TMM_FLOWWORKER              IPv6      58            79            65967         102322         73185          5.8m    0.47
TMM_RECEIVEPCAPFILE         IPv6      17           138             2538           3421          2664        367.7k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58            79             2532          30305          3326        262.8k    0.02
TMM_DECODEPCAPFILE          IPv6      17           138             2679          17008          3157        435.7k    0.04
TMM_DECODEPCAPFILE          IPv6      58            79             2707          12469          3259        257.5k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot        % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    --------   ---
flow                    IPv4       6          6595             2693        5547127          4918         32.4m  3.12  
flow                    IPv4      17            44             2827          32086          5677        249.8k  0.02  
stream                  IPv4       6          6597             2606        5651984          6459         42.6m  4.10  
app-layer               IPv4      17            44             2532          43003          5246        230.9k  0.02  
detect                  IPv4       6          6597            44768        9687923        136766        902.2m  86.89 
detect                  IPv4      17            44           102696        7786747        390370         17.2m  1.65  
tcp-prune               IPv4       6          6597             2532          74184          3031         20.0m  1.93  
flow                    IPv6      17           138             2783         121202          4187        577.8k  0.06  
flow                    IPv6      58            79             2812          22404          3496        276.3k  0.03  
app-layer               IPv6      17           138             2525          36548          4061        560.6k  0.05  
detect                  IPv6      17           138            91755         258415        125084         17.3m  1.66  
detect                  IPv6      58            79            55155          87335         60646          4.8m  0.46  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot        % 
--------------------   ------   -----   ----------     ------------   ------------   -----------    --------   ---
tls                     IPv4       6             4             2849           7954          4205         16.8k  15.63 
tls                     IPv4      17             1             3380           3380          3380          3.4k  3.14  
dns                     IPv4      17             2             9307          19028         14167         28.3k  26.32 
tls                     IPv6      17            20             2849           3380          2955         59.1k  54.91 
Proto detect            IPv4      17             7             2942          25319          9919         69.4k
Proto detect            IPv6      17            23             2739           9965          3756         86.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_JSON_DNS             IPv4      17             2            61167       15292511       7676839         15.4m  98.68 
LOGGER_JSON_TLS             IPv4       6             2            73048         132542        102795        205.6k  1.32  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            18             2608         208786         53988       971.8k  8.80  
payload                           IPv4      17            44             3165        7652824        191500         8.4m  76.31 
stream                            IPv4       6            18             2542         207657         32786       590.2k  5.34  
dns_query                         IPv4      17             1            10904          10904         10904        10.9k  0.10  
tls_sni                           IPv4       6             7             2927           9643          5133        35.9k  0.33  
tls_cert_issuer                   IPv4       6             2             2805          14218          8511        17.0k  0.15  
tls_cert_subject                  IPv4       6             2             2599           8147          5373        10.7k  0.10  
tls_cert_serial                   IPv4       6             2             2977           6856          4916         9.8k  0.09  
Total                             IPv4                    94                                        107153        10.1m
payload                           IPv6      17           138             3128          21370          5016       692.3k  6.27  
payload                           IPv6      58            79             2688          15594          3502       276.7k  2.51  
Total                             IPv6                   217                                          4465       969.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6             4            22062          86536         57671        230.7k  0.03  
PROF_DETECT_IPONLY          IPv4      17             7            37487         168953         70831        495.8k  0.06  
PROF_DETECT_RULES           IPv4       6          6597             2518        5876252          4202         27.7m  3.60  
PROF_DETECT_RULES           IPv4      17            44            44933         282581        121476          5.3m  0.69  
PROF_DETECT_STATEFUL_START    IPv4       6             1           141821         141821        141821        141.8k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6          6597             2512        7529165         66489        438.6m  56.98 
PROF_DETECT_STATEFUL_CONT    IPv4      17            44             2511          43106          3929        172.9k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          6589             2543        6387732          3702         24.4m  3.17  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2932           3218          3075          6.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          6597             7762        2246807         16138        106.5m  13.83 
PROF_DETECT_PREFILTER       IPv4      17            44            23683        7679510        216022          9.5m  1.23  
PROF_DETECT_PF_PAYLOAD      IPv4       6            18            18911         271660         94626          1.7m  0.22  
PROF_DETECT_PF_PAYLOAD      IPv4      17            44             8258        7659747        196812          8.7m  1.12  
PROF_DETECT_PF_TX           IPv4       6          6589             2639         110621          3026         19.9m  2.59  
PROF_DETECT_PF_TX           IPv4      17             1            17275          17275         17275         17.3k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6            16             2606           5814          3294         52.7k  0.01  
PROF_DETECT_PF_SORT1        IPv4      17            44             2611          16256          4187        184.3k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6          6597             2510         390388          2913         19.2m  2.50  
PROF_DETECT_PF_SORT2        IPv4      17            44             2545           5041          3216        141.5k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6          6597             2523        2285308          3266         21.6m  2.80  
PROF_DETECT_NONMPMLIST      IPv4      17            44             2590           4273          3005        132.2k  0.02  
PROF_DETECT_ALERT           IPv4       6          6597             2516          64030          2775         18.3m  2.38  
PROF_DETECT_ALERT           IPv4      17            44             2538          16402          3320        146.1k  0.02  
PROF_DETECT_CLEANUP         IPv4       6          6597             2559        5805574          3941         26.0m  3.38  
PROF_DETECT_CLEANUP         IPv4      17            44             2527          21705          3322        146.2k  0.02  
PROF_DETECT_GETSGH          IPv4       6          6597             2514         390249          3050         20.1m  2.61  
PROF_DETECT_GETSGH          IPv4      17            44             2612          35189          3983        175.3k  0.02  
PROF_DETECT_IPONLY          IPv6      17            23             2959          30903          5173        119.0k  0.02  
PROF_DETECT_IPONLY          IPv6      58             3             3234          13087          8766         26.3k  0.00  
PROF_DETECT_RULES           IPv6      17           138            33436         157036         56877          7.8m  1.02  
PROF_DETECT_RULES           IPv6      58            79             2525          21583          3745        295.9k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv6      17           138             2514           3570          2811        388.0k  0.05  
PROF_DETECT_STATEFUL_CONT    IPv6      58            79             2530          18288          3148        248.8k  0.03  
PROF_DETECT_PREFILTER       IPv6      17           138            23970          58350         27990          3.9m  0.50  
PROF_DETECT_PREFILTER       IPv6      58            79            18338          40434         20222          1.6m  0.21  
PROF_DETECT_PF_PAYLOAD      IPv6      17           138             8222          26713         10460          1.4m  0.19  
PROF_DETECT_PF_PAYLOAD      IPv6      58            79             7774          29304          9131        721.4k  0.09  
PROF_DETECT_PF_SORT1        IPv6      17           138             2603          35766          3324        458.8k  0.06  
PROF_DETECT_PF_SORT2        IPv6      17           138             2538          22646          2817        388.8k  0.05  
PROF_DETECT_PF_SORT2        IPv6      58            79             2512           3639          2594        205.0k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17           138             2532           4270          2832        390.9k  0.05  
PROF_DETECT_NONMPMLIST      IPv6      58            79             2506           3599          2791        220.5k  0.03  
PROF_DETECT_ALERT           IPv6      17           138             2526           3586          2681        370.0k  0.05  
PROF_DETECT_ALERT           IPv6      58            79             2518           3577          2614        206.6k  0.03  
PROF_DETECT_CLEANUP         IPv6      17           138             2521          17124          2903        400.7k  0.05  
PROF_DETECT_CLEANUP         IPv6      58            79             2514          15106          2808        221.8k  0.03  
PROF_DETECT_GETSGH          IPv6      17           138             2520          36525          4151        572.9k  0.07  
PROF_DETECT_GETSGH          IPv6      58            79             2715          15223          3055        241.4k  0.03  


stats.log - (3149 bytes)
------------------------------------------------------------------------------------
Date: 3/26/2019 -- 15:55:36 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 7429
decoder.bytes                              | Total                     | 5185642
decoder.ipv4                               | Total                     | 6639
decoder.ipv6                               | Total                     | 217
decoder.ethernet                           | Total                     | 7429
decoder.tcp                                | Total                     | 6595
decoder.udp                                | Total                     | 182
decoder.icmpv6                             | Total                     | 79
decoder.avg_pkt_size                       | Total                     | 698
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 29
flow.icmpv6                                | Total                     | 3
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.overlap                                | Total                     | 8
tcp.insert_list_fail                       | Total                     | 5
detect.nonmpm_list                         | Total                     | 2
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 28
flow_mgr.new_pruned                        | Total                     | 30
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 33
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 32
flow_mgr.flows_timeout_inuse               | Total                     | 2
flow_mgr.flows_removed                     | Total                     | 30
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65503
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7084096


eve.json - (1198 bytes)
{"timestamp":"2019-03-20T15:02:39.313400+0000","flow_id":1952098439645240,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.100.137","src_port":55629,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18758,"rrname":"google-analutics.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-20T15:02:39.326430+0000","flow_id":1952098439645240,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.137","dest_port":55629,"proto":"UDP","dns":{"type":"answer","id":18758,"rcode":"NOERROR","rrname":"google-analutics.com","rrtype":"A","ttl":13193,"rdata":"93.189.149.131"}}
{"timestamp":"2019-03-20T15:02:39.446227+0000","flow_id":556373654832526,"pcap_cnt":39,"event_type":"tls","src_ip":"192.168.100.137","src_port":49179,"dest_ip":"93.189.149.131","dest_port":443,"proto":"TCP","tls":{"subject":"CN=google-analutics.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-03-20T15:02:45.011774+0000","flow_id":1387615183191699,"pcap_cnt":6544,"event_type":"tls","src_ip":"192.168.100.137","src_port":49261,"dest_ip":"93.189.149.131","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
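The four EVE records above are the only events this run produced, and none of them is an alert: the ET Pro ruleset carried no signature for this name or address, and stats.log reports no detect.alert counter. What the records do show is a DNS answer for google-analutics.com (one character away from google-analytics.com) resolving to 93.189.149.131, followed about 120 ms later by a TLS event from the same client to that address whose certificate, issued by Let's Encrypt Authority X3, is for the same name, and then a resumed TLS session to the same server six seconds later. The following Python script is an example added here; it is not part of the page or of Suricata. It reads EVE JSON lines (the four records above are embedded verbatim), links each TLS event to the DNS answer that supplied its destination IP for that client, checks whether the certificate subject CN matches the name the client resolved, and scores the name against a brand list with a Damerau-Levenshtein distance. The brand list and the one-edit threshold are assumptions for the example.

```python
import json
from datetime import datetime

# The four EVE records from the run above, embedded verbatim so the script runs offline.
EVE_LINES = r'''
{"timestamp":"2019-03-20T15:02:39.313400+0000","flow_id":1952098439645240,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.100.137","src_port":55629,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18758,"rrname":"google-analutics.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-20T15:02:39.326430+0000","flow_id":1952098439645240,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.137","dest_port":55629,"proto":"UDP","dns":{"type":"answer","id":18758,"rcode":"NOERROR","rrname":"google-analutics.com","rrtype":"A","ttl":13193,"rdata":"93.189.149.131"}}
{"timestamp":"2019-03-20T15:02:39.446227+0000","flow_id":556373654832526,"pcap_cnt":39,"event_type":"tls","src_ip":"192.168.100.137","src_port":49179,"dest_ip":"93.189.149.131","dest_port":443,"proto":"TCP","tls":{"subject":"CN=google-analutics.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-03-20T15:02:45.011774+0000","flow_id":1387615183191699,"pcap_cnt":6544,"event_type":"tls","src_ip":"192.168.100.137","src_port":49261,"dest_ip":"93.189.149.131","dest_port":443,"proto":"TCP","tls":{"session_resumed":true}}
'''

# Brand names to compare against and the edit-distance threshold: assumptions for this
# example, not taken from the page.
BRANDS = ["google-analytics.com", "google.com", "googleapis.com"]
MAX_DISTANCE = 1


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def nearest_brand(name):
    """Return (brand, distance) for the brand closest to name."""
    return min(((b, damerau_levenshtein(name, b)) for b in BRANDS), key=lambda t: t[1])


def parse_ts(ts):
    # EVE timestamps carry a numeric UTC offset, which %z accepts.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def correlate(lines):
    """Link each TLS event to the DNS A answer that gave this client its dest_ip,
    and flag names within MAX_DISTANCE edits of a brand. Returns a list of findings."""
    answers = {}   # (client_ip, resolved_ip) -> (queried name, answer timestamp)
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ts = parse_ts(ev["timestamp"])
        if ev["event_type"] == "dns" and ev["dns"].get("type") == "answer" \
                and ev["dns"].get("rrtype") == "A":
            # The answer packet's dest_ip is the client that asked.
            answers[(ev["dest_ip"], ev["dns"]["rdata"])] = (ev["dns"]["rrname"], ts)
        elif ev["event_type"] == "tls":
            key = (ev["src_ip"], ev["dest_ip"])
            if key not in answers:
                continue   # no DNS answer seen for this pair; nothing to correlate
            name, dns_ts = answers[key]
            brand, dist = nearest_brand(name)
            cn = ev["tls"].get("subject", "")
            findings.append({
                "client": ev["src_ip"],
                "server": ev["dest_ip"],
                "dns_name": name,
                "dns_to_tls_ms": round((ts - dns_ts).total_seconds() * 1000),
                "cert_cn_matches_dns": cn == "CN=" + name,
                "resumed": bool(ev["tls"].get("session_resumed")),
                "lookalike_of": brand if 0 < dist <= MAX_DISTANCE else None,
                "distance": dist,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVE_LINES.splitlines()):
        print(finding)
```

Run against the embedded records, the first TLS event is linked to the DNS answer 120 ms earlier, its certificate CN matches the resolved name, and the name is flagged as one edit from google-analytics.com; the second event is the resumed session to the same server and carries no certificate, so the CN check is false for it. The dns_query, tls_sni and tls_cert_subject prefilter buffers listed in packet_stats.log are the Suricata rule keywords that would match this name directly, which is what a local rule would use to alert on a later repeat; local.rules was empty in this run.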


suricata-report-2019-03-26-T-15-55-36-03262019.1555-ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap.txt - (17818 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f2dc75bab0dfc7890488ed36da71eb256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03262019.1555-ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap -vvv -k none
elapsedtime:23.245409
stderr:
stdout:
26/3/2019 -- 15:55:13 - <Info> - Configuration node 'rule-files' redefined.
26/3/2019 -- 15:55:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
26/3/2019 -- 15:55:13 - <Info> - CPUs/cores online: 1
26/3/2019 -- 15:55:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32590 and 'request-body-inspect-window' set to 16358 after randomization.
26/3/2019 -- 15:55:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33350 and 'response-body-inspect-window' set to 17176 after randomization.
26/3/2019 -- 15:55:13 - <Config> - DNS request flood protection level: 500
26/3/2019 -- 15:55:13 - <Config> - DNS per flow memcap (state-memcap): 524288
26/3/2019 -- 15:55:13 - <Config> - DNS global memcap: 16777216
26/3/2019 -- 15:55:13 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
26/3/2019 -- 15:55:13 - <Config> - preallocated 1000 hosts of size 136
26/3/2019 -- 15:55:13 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
26/3/2019 -- 15:55:13 - <Config> - using magic-file /usr/share/file/magic
26/3/2019 -- 15:55:13 - <Config> - Core dump size is unlimited.
26/3/2019 -- 15:55:13 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
26/3/2019 -- 15:55:13 - <Config> - preallocated 1000 defrag trackers of size 168
26/3/2019 -- 15:55:13 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
26/3/2019 -- 15:55:13 - <Config> - stream "prealloc-sessions": 2048 (per thread)
26/3/2019 -- 15:55:13 - <Config> - stream "memcap": 33554432
26/3/2019 -- 15:55:13 - <Config> - stream "midstream" session pickups: disabled
26/3/2019 -- 15:55:13 - <Config> - stream "async-oneside": disabled
26/3/2019 -- 15:55:13 - <Config> - stream "checksum-validation": disabled
26/3/2019 -- 15:55:13 - <Config> - stream."inline": disabled
26/3/2019 -- 15:55:13 - <Config> - stream "bypass": disabled
26/3/2019 -- 15:55:13 - <Config> - stream "max-synack-queued": 5
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly "memcap": 134217728
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly "depth": 0
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly "toserver-chunk-size": 2628
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly "toclient-chunk-size": 2572
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly.raw: enabled
26/3/2019 -- 15:55:13 - <Config> - stream.reassembly "segment-prealloc": 2048
26/3/2019 -- 15:55:13 - <Config> - Delayed detect disabled
26/3/2019 -- 15:55:13 - <Config> - pattern matchers: MPM: ac, SPM: bm
26/3/2019 -- 15:55:13 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
26/3/2019 -- 15:55:13 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
26/3/2019 -- 15:55:13 - <Config> - prefilter engines: MPM
26/3/2019 -- 15:55:13 - <Config> - IP reputation disabled
26/3/2019 -- 15:55:13 - <Perf> - Registered 148 keyword profiling counters.
26/3/2019 -- 15:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
26/3/2019 -- 15:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
26/3/2019 -- 15:55:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
26/3/2019 -- 15:55:18 - <Config> - No rules loaded from ET-icmp.rules.
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
26/3/2019 -- 15:55:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
26/3/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
26/3/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
26/3/2019 -- 15:55:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
26/3/2019 -- 15:55:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
26/3/2019 -- 15:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
26/3/2019 -- 15:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
26/3/2019 -- 15:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
26/3/2019 -- 15:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
26/3/2019 -- 15:55:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
26/3/2019 -- 15:55:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
26/3/2019 -- 15:55:25 - <Config> - No rules loaded from local.rules.
26/3/2019 -- 15:55:25 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
26/3/2019 -- 15:55:25 - <Info> - Threshold config parsed: 0 rule(s) found
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tcp-packet
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tcp-stream
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for udp-packet
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for other-ip
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_uri
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_client_body
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_accept
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_accept_enc
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_accept_lang
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_referer
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_connection
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_method
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_raw_uri
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_user_agent
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_host
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_raw_host
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_stat_msg
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_stat_code
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for dns_query
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tls_sni
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tls_cert_issuer
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tls_cert_subject
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for tls_cert_serial
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 15:55:26 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 15:55:26 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
26/3/2019 -- 15:55:26 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
26/3/2019 -- 15:55:26 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
26/3/2019 -- 15:55:26 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
26/3/2019 -- 15:55:26 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
26/3/2019 -- 15:55:26 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
26/3/2019 -- 15:55:26 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
26/3/2019 -- 15:55:26 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
26/3/2019 -- 15:55:31 - <Perf> - Unique rule groups: 104
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toserver TCP packet": 35
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toclient TCP packet": 17
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toserver TCP stream": 33
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toclient TCP stream": 19
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toserver UDP packet": 27
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "toclient UDP packet": 17
26/3/2019 -- 15:55:31 - <Perf> - Builtin MPM "other IP packet": 3
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_uri": 14
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_request_line": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_client_body": 6
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_response_line": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_header": 10
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_header": 6
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_header_names": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_accept": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_referer": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_content_len": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_content_type": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_content_type": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_protocol": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_start": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_method": 5
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_cookie": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_cookie": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver http_host": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver dns_query": 4
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver tls_sni": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toserver file_data": 1
26/3/2019 -- 15:55:31 - <Perf> - AppLayer MPM "toclient file_data": 7
26/3/2019 -- 15:55:33 - <Perf> - Registered 39590 rule profiling counters.
26/3/2019 -- 15:55:33 - <Info> - fast output device (regular) initialized: alert
26/3/2019 -- 15:55:33 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'alert'
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'http'
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'dns'
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'tls'
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'files'
26/3/2019 -- 15:55:33 - <Config> - enabling 'eve-log' module 'ssh'
26/3/2019 -- 15:55:33 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
26/3/2019 -- 15:55:33 - <Info> - stats output device (regular) initialized: stats.log
26/3/2019 -- 15:55:33 - <Config> - AutoFP mode using "Hash" flow load balancer
26/3/2019 -- 15:55:33 - <Info> - reading pcap file /var/pcap/03262019.1555-ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap
26/3/2019 -- 15:55:33 - <Config> - us

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-03-26-T-15-55-36-03262019.1555-ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap.txt - (15446 bytes)
  --------------------------------------------------------------------------
  Date: 3/26/2019 -- 15:55:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2829561      1        1        43693944     14.27  4040     0        7437877     10815.33    0.00        10815.33   
  2        2024227      1        3        40840792     13.34  4040     0        5794342     10109.11    0.00        10109.11   
  3        2025194      1        1        39460978     12.88  4040     0        5340417     9767.57     0.00        9767.57    
  4        2025190      1        1        35304572     11.53  4040     0        1265523     8738.76     0.00        8738.76    
  5        2025193      1        1        35759049     11.68  4040     0        443685      8851.25     0.00        8851.25    
  6        2025189      1        1        34781592     11.36  4040     0        387968      8609.30     0.00        8609.30    
  7        2021749      1        6        201351       0.07   2        0        112038      100675.50   0.00        100675.50  
  8        2805348      1        4        860404       0.28   15       0        96150       57360.27    0.00        57360.27   
  9        2822213      1        2        114121       0.04   2        0        69605       57060.50    0.00        57060.50   
  10       2025192      1        1        34048035     11.12  4040     0        68414       8427.73     0.00        8427.73    
  11       2814978      1        2        124214       0.04   2        0        65023       62107.00    0.00        62107.00   
  12       2025330      1        1        119987       0.04   2        0        61408       59993.50    0.00        59993.50   
  13       2814979      1        2        118055       0.04   2        0        60242       59027.50    0.00        59027.50   
  14       2025191      1        1        33651769     10.99  4040     0        56662       8329.65     0.00        8329.65    
  15       2825567      1        3        106922       0.03   2        0        55021       53461.00    0.00        53461.00   
  16       2018005      1        6        97360        0.03   2        0        51409       48680.00    0.00        48680.00   
  17       2825453      1        2        94501        0.03   2        0        51093       47250.50    0.00        47250.50   
  18       2829214      1        2        92058        0.03   2        0        50820       46029.00    0.00        46029.00   
  19       2024720      1        3        91694        0.03   2        0        48386       45847.00    0.00        45847.00   
  20       2827202      1        3        89143        0.03   2        0        44866       44571.50    0.00        44571.50   
  21       2023625      1        3        209143       0.07   58       0        43629       3605.91     0.00        3605.91    
  22       2802822      1        1        162429       0.05   47       0        37691       3455.94     0.00        3455.94    
  23       2824801      1        3        62767        0.02   2        0        35775       31383.50    0.00        31383.50   
  24       2824799      1        3        58819        0.02   2        0        33587       29409.50    0.00        29409.50   
  25       2100518      1        8        158278       0.05   47       0        33323       3367.62     0.00        3367.62    
  26       2008116      1        4        162532       0.05   47       0        30023       3458.13     0.00        3458.13    
  27       2018054      1        1        25978        0.01   1        0        25978       25978.00    0.00        25978.00   
  28       2020786      1        4        25355        0.01   1        0        25355       25355.00    0.00        25355.00   
  29       2008120      1        4        518388       0.17   178      0        24678       2912.29     0.00        2912.29    
  30       2020772      1        2        24528        0.01   1        0        24528       24528.00    0.00        24528.00   
  31       2020691      1        1        24171        0.01   1        0        24171       24171.00    0.00        24171.00   
  32       2014701      1        12       25417        0.01   2        0        22059       12708.50    0.00        12708.50   
  33       2009702      1        5        23789        0.01   2        0        20524       11894.50    0.00        11894.50   
  34       2019016      1        3        145271       0.05   47       0        19929       3090.87     0.00        3090.87    
  35       2019230      1        2        21604        0.01   2        0        18596       10802.00    0.00        10802.00   
  36       2010140      1        7        545443       0.18   177      0        18035       3081.60     0.00        3081.60    
  37       2815451      1        2        53076        0.02   4        0        17498       13269.00    0.00        13269.00   
  38       2022543      1        1        17135        0.01   1        0        17135       17135.00    0.00        17135.00   
  39       2023626      1        3        323634       0.11   112      0        16901       2889.59     0.00        2889.59    
  40       2023624      1        3        299275       0.10   104      0        16249       2877.64     0.00        2877.64    
  41       2826281      1        2        15940        0.01   1        0        15940       15940.00    0.00        15940.00   
  42       2803760      1        3        15490        0.01   1        0        15490       15490.00    0.00        15490.00   
  43       2811544      1        1        18727        0.01   2        0        15170       9363.50     0.00        9363.50    
  44       2100474      1        5        46262        0.02   13       0        15113       3558.62     0.00        3558.62    
  45       2010142      1        4        476796       0.16   177      0        15106       2693.76     0.00        2693.76    
  46       2013739      1        15       484200       0.16   176      0        15011       2751.14     0.00        2751.14    
  47       2014703      1        9        17743        0.01   2        0        14759       8871.50     0.00        8871.50    
  48       2811577      1        2        18326        0.01   2        0        14694       9163.00     0.00        9163.00    
  49       2014702      1        9        17485        0.01   2        0        14470       8742.50     0.00        8742.50    
  50       2018789      1        3        8000         0.00   2        0        4662        4000.00     0.00        4000.00    
  51       2016323      1        1        14143        0.00   4        0        4507        3535.75     0.00        3535.75    
  52       2019010      1        3        67583        0.02   23       0        4496        2938.39     0.00        2938.39    
  53       2802205      1        3        128830       0.04   47       0        4117        2741.06     0.00        2741.06    
  54       2823966      1        1        13393        0.00   4        0        4085        3348.25     0.00        3348.25    
  55       2822838      1        2        13010        0.00   4        0        4049        3252.50     0.00        3252.50    
  56       2016181      1        2        4002         0.00   1        0        4002        4002.00     0.00        4002.00    
  57       2019017      1        3        66115        0.02   23       0        3988        2874.57     0.00        2874.57    
  58       2008117      1        3        129175       0.04   47       0        3962        2748.40     0.00        2748.40    
  59       2009387      1        4        7524         0.00   2        0        3949        3762.00     0.00        3762.00    
  60       2801347      1        5        44065        0.01   15       0        3929        2937.67     0.00        2937.67    
  61       2016179      1        2        3911         0.00   1        0        3911        3911.00     0.00        3911.00    
  62       2017935      1        3        10395        0.00   3        0        3907        3465.00     0.00        3465.00    
  63       2023627      1        3        195887       0.06   72       0        3890        2720.65     0.00        2720.65    
  64       2010143      1        3        479078       0.16   177      0        3870        2706.66     0.00        2706.66    
  65       2809256      1        3        12898        0.00   4        0        3844        3224.50     0.00        3224.50    
  66       2008118      1        3        46721        0.02   17       0        3815        2748.29     0.00        2748.29    
  67       2019011      1        3        130960       0.04   47       0        3789        2786.38     0.00        2786.38    
  68       2009243      1        2        47366        0.02   17       0        3687        2786.24     0.00        2786.24    
  69       2016178      1        2        3681         0.00   1        0        3681        3681.00     0.00        3681.00    
  70       2809132      1        1        7077         0.00   2        0        3671        3538.50     0.00        3538.50    
  71       2022547      1        1        23807        0.01   8        0        3623        2975.88     0.00        2975.88    
  72       2823788      1        4        3562         0.00   1        0        3562        3562.00     0.00        3562.00    
  73       2023622      1        3        315046       0.10   118      0        3550        2669.88     0.00        2669.88    
  74       2021976      1        2        6980         0.00   2        0        3548        3490.00     0.00        3490.00    
  75       2018281      1        4        6782         0.00   2        0        3542        3391.00     0.00        3391.00    
  76       2016363      1        2        13065        0.00   4        0        3520        3266.25     0.00        3266.25    
  77       2102190      1        5        18021        0.01   6        0        3506        3003.50     0.00        3003.50    
  78       2019012      1        3        12714        0.00   4        0        3461        3178.50     0.00        3178.50    
  79       2824993      1        1        6284         0.00   2        0        3454        3142.00     0.00        3142.00    
  80       2103238      1        4        6712         0.00   2        0        3450        3356.00     0.00        3356.00    
  81       2824995      1        1        11867        0.00   4        0        3441        2966.75     0.00        2966.75    
  82       2019738      1        2        3437         0.00   1        0        3437        3437.00     0.00        3437.00    
  83       2808577      1        5        26114        0.01   9        0        3436        2901.56     0.00        2901.56    
  84       2001330      1        8        26747        0.01   9        0        3426        2971.89     0.00        2971.89    
  85       2821129      1        2        12240        0.00   4        0        3425        3060.00     0.00        3060.00    
  86       2023619      1        3        82395        0.03   32       0        3408        2574.84     0.00        2574.84    
  87       2021978      1        6        6331         0.00   2        0        3406        3165.50     0.00        3165.50    
  88       2828876      1        1        31025        0.01   11       0        3393        2820.45     0.00        2820.45    
  89       2024777      1        2        12006        0.00   4        0        3386        3001.50     0.00        3001.50    
  90       2806561      1        5        6672         0.00   2        0        3384        3336.00     0.00        3336.00    
  91       2103159      1        4        12114        0.00   4        0        3380        3028.50     0.00        3028.50    
  92       2023615      1        3        36023        0.01   13       0        3379        2771.00     0.00        2771.00    
  93       2807546      1        6        6624         0.00   2        0        3362        3312.00     0.00        3312.00    
  94       2025200      1        1        6461         0.00   2        0        3328        3230.50     0.00        3230.50    
  95       2025401      1        2        11722        0.00   4        0        3282        2930.50     0.00        2930.50    
  96       2809487      1        2        9153         0.00   3        0        3268        3051.00     0.00        3051.00    
  97       2103158      1        6        23756        0.01   8        0        3267        2969.50     0.00        2969.50    
  98       2811034      1        1        6471         0.00   2        0        3240        3235.50     0.00        3235.50    
  99       2100566      1        5        12040        0.00   4        0        3235        3010.00     0.00        3010.00    
  100      2102523      1        8        6271         0.00   2        0        3225        3135.50     0.00        3135.50    
  101      2015986      1        5        17669        0.01   6        0        3221        2944.83     0.00        2944.83    
  102      2825610      1        3        3219         0.00   1        0        3219        3219.00     0.00        3219.00    
  103      2023621      1        4        18518        0.01   7        0        3198        2645.43     0.00        2645.43    
  104      2023617      1        3        94721        0.03   36       0        3185        2631.14     0.00        2631.14    
  105      2023623      1        3        112532       0.04   42       0        3181        2679.33     0.00        2679.33    
  106      2023614      1        3        16808        0.01   6        0        3129        2801.33     0.00        2801.33    
  107      2102523      1        8        6137         0.00   2        0        3097        3068.50     0.00        3068.50    
  108      2023613      1        3        10916        0.00   4        0        3023        2729.00     0.00        2729.00    
  109      2023612      1        4        94021        0.03   36       0        3021        2611.69     0.00        2611.69    
  110      2102257      1        10       2998         0.00   1        0        2998        2998.00     0.00        2998.00    
  111      2019019      1        3        11851        0.00   4        0        2982        2962.75     0.00        2962.75    
  112      2008306      1        3        11111        0.00   4        0        2919        2777.75     0.00        2777.75    
  113      2023616      1        3        2842         0.00   1        0        2842        2842.00     0.00        2842.00    
  114      2023620      1        3        8075         0.00   3        0        2826        2691.67     0.00        2691.67    
  115      2013075      1        8        2787         0.00   1        0        2787        2787.00     0.00        2787.00    
  116      2805442      1        2        5356         0.00   2        0        2776        2678.00     0.00        2678.00    
  117      2816380      1        1        2536         0.00   1        0        2536        2536.00     0.00        2536.00    


keyword_perf.log - (5016 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/26/2019 -- 15:55:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             27159           8               8               5266            3394.00         3394.00         0.00           
  content          96796878        32560           125             1895738         2972.00         4125.00         2968.00        
  pcre             88970           8               0               29980           11121.00        0.00            11121.00       
  byte_test        204313          58              51              16434           3522.00         3613.00         2858.00        
  byte_jump        65519           19              15              8674            3448.00         3637.00         2738.00        
  isdataat         2969            1               0               2969            2969.00         0.00            2969.00        
  byte_extract     17367           4               4               9342            4341.00         4341.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             27159           8               8               5266            3394.00         3394.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          851068          232             117             20207           3668.00         4149.00         3179.00        
  pcre             88970           8               0               29980           11121.00        0.00            11121.00       
  byte_test        204313          58              51              16434           3522.00         3613.00         2858.00        
  byte_jump        65519           19              15              8674            3448.00         3637.00         2738.00        
  isdataat         2969            1               0               2969            2969.00         0.00            2969.00        
  byte_extract     17367           4               4               9342            4341.00         4341.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30305           8               8               4679            3788.00         3788.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          95915505        32320           0               1895738         2967.00         0.00            2967.00        


IDSDeathBlossom.py.log - (1176 bytes)
2019-03-26 15:55:12,308 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-26 15:55:13,039 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-26 15:55:13,039 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-26 15:55:13,040 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-26 15:55:13,040 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-26 15:55:13,040 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f2dc75bab0dfc7890488ed36da71eb256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03262019.1555-ab7b8c08-3c50-4ac7-b5e6-c4d8d982447c.pcap -vvv -k none
2019-03-26 15:55:36,288 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-26 15:55:36,289 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.9892420769