Filename: pcap (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.546998024 seconds
Hash: 9f6fd17db1430981158b1de03deaeeae
Uploaded: 1556632831 (Unix epoch: 2019-04-30 14:00:31 UTC)

Logfiles


packet_stats.log - (13605 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           % 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10          2783062       53394115      32485092        324.9m    4.14
 IPv4       6            61         14491748       50279374      34930487          2.1b   27.15
 IPv4      17           112          3314031       64678943      48150208          5.4b   68.71
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            90884         286108        120148          1.2m    1.63
TMM_FLOWWORKER              IPv4       6            61            72666       13961286        580755         35.4m   47.98
TMM_FLOWWORKER              IPv4      17           112           118343        8656952        322237         36.1m   48.88
TMM_RECEIVEPCAPFILE         IPv4       2            10             2547           3527          2828         28.3k    0.04
TMM_RECEIVEPCAPFILE         IPv4       6            61             2550           3962          2986        182.2k    0.25
TMM_RECEIVEPCAPFILE         IPv4      17           112             2534          22410          3084        345.4k    0.47
TMM_DECODEPCAPFILE          IPv4       2            10             2659          10659          3505         35.1k    0.05
TMM_DECODEPCAPFILE          IPv4       6            61             2652          16453          3041        185.5k    0.25
TMM_DECODEPCAPFILE          IPv4      17           112             2666          19180          3005        336.6k    0.46

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
flow                    IPv4       6            61             2835          28855          3697        225.6k  0.40  
flow                    IPv4      17           112             2691          30778          3897        436.5k  0.78  
stream                  IPv4       6            61             3330         365983         17991          1.1m  1.95  
app-layer               IPv4      17           112             2520          48569          4693        525.7k  0.93  
detect                  IPv4       2            10            85395         280352        114324          1.1m  2.03  
detect                  IPv4       6            61            47574       13916860        523386         31.9m  56.74 
detect                  IPv4      17           112           102238        1330294        185027         20.7m  36.83 
tcp-prune               IPv4       6            61             2559           8370          3131        191.0k  0.34  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -------  -----
http                    IPv4       6             1            55006          55006         55006         55.0k  28.39 
http                    IPv4      17             1            55006          55006         55006         55.0k  28.39 
dns                     IPv4      17            10             3870          23045          8377         83.8k  43.23 
Proto detect            IPv4      17            12             2995          35809          9461        113.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  -----
LOGGER_JSON_DNS             IPv4      17             6            29906        8065088       1387968          8.3m  97.50 
LOGGER_JSON_HTTP            IPv4       6             1            97086          97086         97086         97.1k  1.14  
LOGGER_JSON_FILE            IPv4       6             1           116060         116060        116060        116.1k  1.36  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          % 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            39             2826         414675         25181       982.1k  18.35 
payload                           IPv4      17           112             3183         436343         11001         1.2m  23.02 
stream                            IPv4       6            39             2540         142623         21765       848.9k  15.86 
http_uri                          IPv4       6             1            20303          20303         20303        20.3k  0.38  
http_request_line                 IPv4       6             1             7209           7209          7209         7.2k  0.13  
http_client_body                  IPv4       6             1             4331           4331          4331         4.3k  0.08  
http_header (request)             IPv4       6             1            83027          83027         83027        83.0k  1.55  
http_header (request trailer)     IPv4       6             1             2615           2615          2615         2.6k  0.05  
http_header_names (request)       IPv4       6             1            24568          24568         24568        24.6k  0.46  
http_accept (request)             IPv4       6             1             4186           4186          4186         4.2k  0.08  
http_referer (request)            IPv4       6             1             3281           3281          3281         3.3k  0.06  
http_content_len (request)        IPv4       6             1             3392           3392          3392         3.4k  0.06  
http_content_type (request)       IPv4       6             1             3444           3444          3444         3.4k  0.06  
http_protocol (request)           IPv4       6             1             7004           7004          7004         7.0k  0.13  
http_start (request)              IPv4       6             1            13148          13148         13148        13.1k  0.25  
http_raw_header (request)         IPv4       6             1            15582          15582         15582        15.6k  0.29  
http_method                       IPv4       6             1             6659           6659          6659         6.7k  0.12  
http_cookie (request)             IPv4       6             1             3571           3571          3571         3.6k  0.07  
http_raw_uri                      IPv4       6             1             5679           5679          5679         5.7k  0.11  
http_user_agent                   IPv4       6             1            31679          31679         31679        31.7k  0.59  
http_host                         IPv4       6             1             7174           7174          7174         7.2k  0.13  
dns_query                         IPv4      17             3            10366          12414         11594        34.8k  0.65  
http_response_line                IPv4       6             1            10490          10490         10490        10.5k  0.20  
http_header (response)            IPv4       6             1            75594          75594         75594        75.6k  1.41  
http_header (response trailer)    IPv4       6             1             3033           3033          3033         3.0k  0.06  
http_content_type (response)      IPv4       6             1             7123           7123          7123         7.1k  0.13  
http_raw_header (response)        IPv4       6            35             4415         392184         16085       563.0k  10.52 
http_cookie (response)            IPv4       6             1             3181           3181          3181         3.2k  0.06  
http_stat_code                    IPv4       6             1             5032           5032          5032         5.0k  0.09  
file_data (http response)         IPv4       6            34             2585         922385         39408         1.3m  25.03 
Total                             IPv4                   286                                         18713         5.4m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  -----
PROF_DETECT_IPONLY          IPv4       2            10            37355         228612         60787        607.9k  1.05  
PROF_DETECT_IPONLY          IPv4       6             2            47425          78398         62911        125.8k  0.22  
PROF_DETECT_IPONLY          IPv4      17            13            37065          77475         49205        639.7k  1.11  
PROF_DETECT_RULES           IPv4       2            10             2527           3141          2764         27.6k  0.05  
PROF_DETECT_RULES           IPv4       6            61             2546        2387220         81286          5.0m  8.57  
PROF_DETECT_RULES           IPv4      17           112            44349         720944        105195         11.8m  20.37 
PROF_DETECT_STATEFUL_START    IPv4       6            21             5131        1252309        135892          2.9m  4.93  
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2514           3282          2751         27.5k  0.05  
PROF_DETECT_STATEFUL_CONT    IPv4       6            61             2540          48022         13744        838.4k  1.45  
PROF_DETECT_STATEFUL_CONT    IPv4      17           112             2503          43484          3334        373.4k  0.65  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            57             2564         389764          9515        542.4k  0.94  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             2646           3860          3153         18.9k  0.03  
PROF_DETECT_PREFILTER       IPv4       2            10             7868          11439          9118         91.2k  0.16  
PROF_DETECT_PREFILTER       IPv4       6            61             8403        1426265        114590          7.0m  12.09 
PROF_DETECT_PREFILTER       IPv4      17           112            23834         482672         34757          3.9m  6.73  
PROF_DETECT_PF_PAYLOAD      IPv4       6            39            16680         425377         55798          2.2m  3.76  
PROF_DETECT_PF_PAYLOAD      IPv4      17           112             8243         441831         16491          1.8m  3.19  
PROF_DETECT_PF_TX           IPv4       6            57             2558        1324383         46960          2.7m  4.63  
PROF_DETECT_PF_TX           IPv4      17             3            15930          18528         17587         52.8k  0.09  
PROF_DETECT_PF_SORT1        IPv4       6             7             2626           9303          3749         26.2k  0.05  
PROF_DETECT_PF_SORT1        IPv4      17           112             2613          15875          3255        364.6k  0.63  
PROF_DETECT_PF_SORT2        IPv4       2            10             2522           2980          2702         27.0k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6            61             2520         388394          9100        555.1k  0.96  
PROF_DETECT_PF_SORT2        IPv4      17           112             2544          20045          2861        320.5k  0.55  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2540           3163          2784         27.8k  0.05  
PROF_DETECT_NONMPMLIST      IPv4       6            61             2575           3964          2909        177.5k  0.31  
PROF_DETECT_NONMPMLIST      IPv4      17           112             2525          14864          2934        328.7k  0.57  
PROF_DETECT_ALERT           IPv4       2            10             2518           3289          2773         27.7k  0.05  
PROF_DETECT_ALERT           IPv4       6            61             2524           4038          2688        164.0k  0.28  
PROF_DETECT_ALERT           IPv4      17           112             2525           3375          2623        293.8k  0.51  
PROF_DETECT_CLEANUP         IPv4       2            10             2523           3523          2812         28.1k  0.05  
PROF_DETECT_CLEANUP         IPv4       6            61             2578       13776036        228764         14.0m  24.13 
PROF_DETECT_CLEANUP         IPv4      17           112             2523          16137          2842        318.4k  0.55  
PROF_DETECT_GETSGH          IPv4       2            10             2748           3258          2865         28.6k  0.05  
PROF_DETECT_GETSGH          IPv4       6            61             2540          11212          2990        182.4k  0.32  
PROF_DETECT_GETSGH          IPv4      17           112             2512          54982          4336        485.7k  0.84  


stats.log - (2683 bytes)
------------------------------------------------------------------------------------
Date: 4/30/2019 -- 14:00:56 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 205
decoder.bytes                              | Total                     | 58403
decoder.ipv4                               | Total                     | 183
decoder.ethernet                           | Total                     | 205
decoder.tcp                                | Total                     | 61
decoder.udp                                | Total                     | 112
decoder.avg_pkt_size                       | Total                     | 284
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 10
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 9
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 7
flow.spare                                 | Total                     | 9997
flow_mgr.flows_checked                     | Total                     | 4
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65532
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075168


eve.json - (2885 bytes)
{"timestamp":"2019-02-08T20:03:40.098278+0000","flow_id":991316580007910,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.56.101","src_port":59740,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33966,"rrname":"dwosgraumellsa.club","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.227619+0000","flow_id":991316580007910,"pcap_cnt":30,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":59740,"proto":"UDP","dns":{"type":"answer","id":33966,"rcode":"NOERROR","rrname":"dwosgraumellsa.club","rrtype":"A","ttl":0,"rdata":"185.141.195.112"}}
{"timestamp":"2019-02-08T20:03:40.231545+0000","flow_id":1379156421806201,"pcap_cnt":31,"event_type":"dns","src_ip":"192.168.56.101","src_port":61096,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49119,"rrname":"dwosgraumellsa.club","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.426979+0000","flow_id":1379156421806201,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":61096,"proto":"UDP","dns":{"type":"answer","id":49119,"rcode":"NOERROR","rrname":"dwosgraumellsa.club","rrtype":"A","ttl":0,"rdata":"185.141.195.112"}}
{"timestamp":"2019-02-08T20:03:40.612863+0000","flow_id":1855287906294271,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.56.101","src_port":64308,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37384,"rrname":"112.195.141.185.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.630372+0000","flow_id":753212183053925,"pcap_cnt":90,"event_type":"http","src_ip":"192.168.56.101","src_port":49162,"dest_ip":"185.141.195.112","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dwosgraumellsa.club","url":"\/cabaco2.txt","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/plain"}}
{"timestamp":"2019-02-08T20:03:40.884222+0000","flow_id":1855287906294271,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":64308,"proto":"UDP","dns":{"type":"answer","id":37384,"rcode":"NOERROR","rrname":"112.195.141.185.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-08T20:03:45.533672+0000","flow_id":753212183053925,"pcap_cnt":156,"event_type":"fileinfo","src_ip":"185.141.195.112","src_port":80,"dest_ip":"192.168.56.101","dest_port":49162,"proto":"TCP","http":{"hostname":"dwosgraumellsa.club","url":"\/cabaco2.txt","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":38697},"app_proto":"http","fileinfo":{"filename":"\/cabaco2.txt","gaps":false,"state":"CLOSED","stored":false,"size":38697,"tx_id":0}}
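The eight EVE records above tell one story when read together: the host resolves dwosgraumellsa.club twice, the resolver returns 185.141.195.112, and the host then fetches /cabaco2.txt from that IP with a WinHttp.WinHttpRequest User-Agent rather than a browser, receiving a 38697-byte text/plain body that Suricata did not store. The following script is an added example (the editor's code, not analyzer output and not part of Suricata) that reconstructs that chain from eve.json: it parses the newline-delimited JSON, builds a name-to-A-record map from DNS answers, checks each HTTP transaction's destination and Host header against that map, and flags non-browser User-Agents. The EVE lines are embedded as the sample input; the User-Agent marker list is the editor's assumption, not from any ruleset.

```python
import json
from collections import defaultdict

# Constructed sample input: the eight EVE records from this page's eve.json,
# embedded inline so the script runs offline against known data.
EVE_SAMPLE = r'''
{"timestamp":"2019-02-08T20:03:40.098278+0000","flow_id":991316580007910,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.56.101","src_port":59740,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33966,"rrname":"dwosgraumellsa.club","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.227619+0000","flow_id":991316580007910,"pcap_cnt":30,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":59740,"proto":"UDP","dns":{"type":"answer","id":33966,"rcode":"NOERROR","rrname":"dwosgraumellsa.club","rrtype":"A","ttl":0,"rdata":"185.141.195.112"}}
{"timestamp":"2019-02-08T20:03:40.231545+0000","flow_id":1379156421806201,"pcap_cnt":31,"event_type":"dns","src_ip":"192.168.56.101","src_port":61096,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49119,"rrname":"dwosgraumellsa.club","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.426979+0000","flow_id":1379156421806201,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":61096,"proto":"UDP","dns":{"type":"answer","id":49119,"rcode":"NOERROR","rrname":"dwosgraumellsa.club","rrtype":"A","ttl":0,"rdata":"185.141.195.112"}}
{"timestamp":"2019-02-08T20:03:40.612863+0000","flow_id":1855287906294271,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.56.101","src_port":64308,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37384,"rrname":"112.195.141.185.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-08T20:03:40.630372+0000","flow_id":753212183053925,"pcap_cnt":90,"event_type":"http","src_ip":"192.168.56.101","src_port":49162,"dest_ip":"185.141.195.112","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dwosgraumellsa.club","url":"\/cabaco2.txt","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/plain"}}
{"timestamp":"2019-02-08T20:03:40.884222+0000","flow_id":1855287906294271,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":64308,"proto":"UDP","dns":{"type":"answer","id":37384,"rcode":"NOERROR","rrname":"112.195.141.185.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-08T20:03:45.533672+0000","flow_id":753212183053925,"pcap_cnt":156,"event_type":"fileinfo","src_ip":"185.141.195.112","src_port":80,"dest_ip":"192.168.56.101","dest_port":49162,"proto":"TCP","http":{"hostname":"dwosgraumellsa.club","url":"\/cabaco2.txt","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":38697},"app_proto":"http","fileinfo":{"filename":"\/cabaco2.txt","gaps":false,"state":"CLOSED","stored":false,"size":38697,"tx_id":0}}
'''

# Illustrative markers of non-browser HTTP stacks. Assumption: this short list is
# the editor's, not taken from the page or any ruleset; WinHttp.WinHttpRequest is
# the only one that actually appears in this capture.
SCRIPTED_UA_MARKERS = ("WinHttp.WinHttpRequest", "PowerShell", "python-requests", "curl/", "Wget/")


def parse_eve(text):
    """EVE is newline-delimited JSON: one object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def a_record_map(events):
    """Forward name -> set of IPv4 answers, built from DNS answer records.

    Filters on the name rather than trusting rrtype alone: Suricata 4.0 logs the
    PTR answer in this capture with rrtype "A", so reverse zones are excluded
    explicitly by suffix.
    """
    out = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        d = ev["dns"]
        if d.get("type") != "answer" or d.get("rcode") != "NOERROR" or "rdata" not in d:
            continue
        name = d.get("rrname", "").lower()
        if name.endswith((".in-addr.arpa", ".ip6.arpa")):
            continue
        if d.get("rrtype") == "A":
            out[name].add(d["rdata"])
    return dict(out)


def correlate_http(events):
    """For each HTTP transaction, tie the destination IP back to the DNS answers
    that produced it and flag a non-browser client."""
    ip_to_names = defaultdict(set)
    for name, ips in a_record_map(events).items():
        for ip in ips:
            ip_to_names[ip].add(name)

    records = []
    for ev in events:
        if ev.get("event_type") != "http":
            continue
        h = ev["http"]
        host = h.get("hostname", "").lower()
        names = ip_to_names.get(ev["dest_ip"], set())
        ua = h.get("http_user_agent", "")
        records.append({
            "flow_id": ev["flow_id"],
            "dest_ip": ev["dest_ip"],
            "hostname": host,
            "url": h.get("url"),
            "user_agent": ua,
            "resolved_via_dns": bool(names),        # dest IP came from an observed A answer
            "hostname_matches_dns": host in names,   # Host header agrees with that answer
            "scripted_client": any(m.lower() in ua.lower() for m in SCRIPTED_UA_MARKERS),
        })
    return records


def file_summary(events):
    """(filename, size, stored) for every fileinfo record; stored=False means the
    body was seen by the file tracker but not extracted to disk."""
    return [(ev["fileinfo"]["filename"], ev["fileinfo"]["size"], ev["fileinfo"]["stored"])
            for ev in events if ev.get("event_type") == "fileinfo"]


if __name__ == "__main__":
    evs = parse_eve(EVE_SAMPLE)
    print("A records:", a_record_map(evs))
    for r in correlate_http(evs):
        print("HTTP:", r)
    print("Files:", file_summary(evs))
```

Run against a real eve.json by replacing EVE_SAMPLE with the file contents; the `resolved_via_dns` and `hostname_matches_dns` booleans are the two checks worth keeping, since an HTTP connection to an IP that no observed DNS answer produced, or whose Host header disagrees with the answer, is exactly the kind of mismatch a pcap review should surface.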


keyword_perf.log - (10181 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/30/2019 -- 14:00:56
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             387175          101             101             29174           3833.00         3833.00         0.00           
  content          2440846         278             165             625334          8780.00         3548.00         16419.00       
  pcre             172968          9               2               48351           19218.00        13417.00        20876.00       
  byte_test        394941          111             87              61672           3558.00         3741.00         2892.00        
  byte_jump        77143           26              26              9626            2967.00         2967.00         0.00           
  isdataat         5395            2               0               2791            2697.00         0.00            2697.00        
  flowbits         19154           2               2               16113           9577.00         9577.00         0.00           
  urilen           15088           5               0               3522            3017.00         0.00            3017.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             387175          101             101             29174           3833.00         3833.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          458888          150             95              10076           3059.00         3140.00         2918.00        
  pcre             44173           3               0               22834           14724.00        0.00            14724.00       
  byte_test        394941          111             87              61672           3558.00         3741.00         2892.00        
  byte_jump        77143           26              26              9626            2967.00         2967.00         0.00           
  isdataat         5395            2               0               2791            2697.00         0.00            2697.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         19154           2               2               16113           9577.00         9577.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          117950          29              9               5476            4067.00         4222.00         3997.00        
  pcre             79529           3               1               48351           26509.00        15441.00        32044.00       
  urilen           15088           5               0               3522            3017.00         0.00            3017.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3245            1               0               3245            3245.00         0.00            3245.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1510806         10              0               625334          151080.00       0.00            151080.00      
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          255211          62              48              5859            4116.00         4146.00         4012.00        
  pcre             49266           3               1               23155           16422.00        11394.00        18936.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19256           5               0               4598            3851.00         0.00            3851.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3257            1               1               3257            3257.00         3257.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          65271           18              10              5165            3626.00         3980.00         3183.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6962            2               2               3536            3481.00         3481.00         0.00           


suricata-4.0.0-etpro-all-perf.txt-2019-04-30-T-14-00-56-04302019.1400-pcap_1.pcap.txt - (16342 bytes)
  --------------------------------------------------------------------------
  Date: 4/30/2019 -- 14:00:56. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820157      1        2        799730       7.32   2        0        648649      399865.00   0.00        399865.00  
  2        2820158      1        2        767756       7.03   2        0        631407      383878.00   0.00        383878.00  
  3        2021304      1        4        99388        0.91   1        0        99388       99388.00    0.00        99388.00   
  4        2009702      1        5        171695       1.57   6        0        79940       28615.83    0.00        28615.83   
  5        2805348      1        4        1192135      10.91  26       0        76094       45851.35    0.00        45851.35   
  6        2014701      1        12       135297       1.24   6        0        65409       22549.50    0.00        22549.50   
  7        2822697      1        2        65028        0.60   1        0        65028       65028.00    0.00        65028.00   
  8        2019821      1        8        57264        0.52   1        1        57264       57264.00    57264.00    0.00       
  9        2829091      1        2        55398        0.51   1        0        55398       55398.00    0.00        55398.00   
  10       2019010      1        3        121312       1.11   26       0        55109       4665.85     0.00        4665.85    
  11       2815664      1        3        53346        0.49   1        0        53346       53346.00    0.00        53346.00   
  12       2011290      1        7        53153        0.49   1        0        53153       53153.00    0.00        53153.00   
  13       2808793      1        3        50204        0.46   1        0        50204       50204.00    0.00        50204.00   
  14       2816747      1        2        46918        0.43   1        0        46918       46918.00    0.00        46918.00   
  15       2805089      1        6        45486        0.42   1        0        45486       45486.00    0.00        45486.00   
  16       2814182      1        2        43772        0.40   1        0        43772       43772.00    0.00        43772.00   
  17       2024771      1        1        168893       1.55   35       0        42238       4825.51     0.00        4825.51    
  18       2010140      1        7        545002       4.99   112      0        40689       4866.09     0.00        4866.09    
  19       2809087      1        2        40621        0.37   1        0        40621       40621.00    0.00        40621.00   
  20       2824942      1        2        39928        0.37   1        0        39928       39928.00    0.00        39928.00   
  21       2809360      1        2        36634        0.34   1        0        36634       36634.00    0.00        36634.00   
  22       2812896      1        5        36574        0.33   1        0        36574       36574.00    0.00        36574.00   
  23       2802822      1        1        108028       0.99   28       0        36301       3858.14     0.00        3858.14    
  24       2826616      1        2        36262        0.33   1        0        36262       36262.00    0.00        36262.00   
  25       2021531      1        2        35869        0.33   1        1        35869       35869.00    35869.00    0.00       
  26       2816636      1        2        35571        0.33   1        0        35571       35571.00    0.00        35571.00   
  27       2812801      1        2        35066        0.32   1        0        35066       35066.00    0.00        35066.00   
  28       2823915      1        3        34961        0.32   1        0        34961       34961.00    0.00        34961.00   
  29       2024367      1        2        34289        0.31   1        0        34289       34289.00    0.00        34289.00   
  30       2815547      1        2        34173        0.31   1        0        34173       34173.00    0.00        34173.00   
  31       2022652      1        2        34078        0.31   1        0        34078       34078.00    0.00        34078.00   
  32       2824909      1        2        33712        0.31   1        0        33712       33712.00    0.00        33712.00   
  33       2809012      1        4        33566        0.31   1        0        33566       33566.00    0.00        33566.00   
  34       2816356      1        2        33077        0.30   1        0        33077       33077.00    0.00        33077.00   
  35       2809850      1        2        32014        0.29   1        0        32014       32014.00    0.00        32014.00   
  36       2804095      1        2        31211        0.29   1        0        31211       31211.00    0.00        31211.00   
  37       2019011      1        3        97118        0.89   26       0        30561       3735.31     0.00        3735.31    
  38       2016537      1        2        265713       2.43   17       0        30489       15630.18    0.00        15630.18   
  39       2827365      1        1        29855        0.27   1        0        29855       29855.00    0.00        29855.00   
  40       2820673      1        2        29844        0.27   1        0        29844       29844.00    0.00        29844.00   
  41       2014303      1        2        29660        0.27   1        0        29660       29660.00    0.00        29660.00   
  42       2824387      1        2        29522        0.27   1        0        29522       29522.00    0.00        29522.00   
  43       2805155      1        3        29488        0.27   1        0        29488       29488.00    0.00        29488.00   
  44       2821615      1        2        29157        0.27   1        0        29157       29157.00    0.00        29157.00   
  45       2815924      1        2        29047        0.27   1        0        29047       29047.00    0.00        29047.00   
  46       2816619      1        2        146582       1.34   35       0        29018       4188.06     0.00        4188.06    
  47       2830471      1        2        28966        0.27   1        0        28966       28966.00    0.00        28966.00   
  48       2829260      1        1        28944        0.26   1        0        28944       28944.00    0.00        28944.00   
  49       2024758      1        4        28725        0.26   1        0        28725       28725.00    0.00        28725.00   
  50       2020496      1        2        28684        0.26   1        0        28684       28684.00    0.00        28684.00   
  51       2816777      1        3        28677        0.26   1        0        28677       28677.00    0.00        28677.00   
  52       2023623      1        3        220173       2.02   74       0        28646       2975.31     0.00        2975.31    
  53       2823218      1        2        28422        0.26   1        0        28422       28422.00    0.00        28422.00   
  54       2809709      1        4        28203        0.26   1        0        28203       28203.00    0.00        28203.00   
  55       2812616      1        2        28000        0.26   1        0        28000       28000.00    0.00        28000.00   
  56       2017552      1        6        267850       2.45   18       0        27341       14880.56    0.00        14880.56   
  57       2816621      1        2        24210        0.22   1        0        24210       24210.00    0.00        24210.00   
  58       2023626      1        3        252472       2.31   90       0        23754       2805.24     0.00        2805.24    
  59       2012612      1        16       23602        0.22   1        0        23602       23602.00    0.00        23602.00   
  60       2827279      1        5        23313        0.21   1        0        23313       23313.00    0.00        23313.00   
  61       2022502      1        4        22902        0.21   1        0        22902       22902.00    0.00        22902.00   
  62       2816165      1        5        22648        0.21   1        0        22648       22648.00    0.00        22648.00   
  63       2826256      1        2        22550        0.21   1        0        22550       22550.00    0.00        22550.00   
  64       2012707      1        5        22029        0.20   1        0        22029       22029.00    0.00        22029.00   
  65       2020705      1        4        21771        0.20   1        0        21771       21771.00    0.00        21771.00   
  66       2024178      1        2        21716        0.20   1        0        21716       21716.00    0.00        21716.00   
  67       2003492      1        30       21656        0.20   1        0        21656       21656.00    0.00        21656.00   
  68       2012249      1        4        21648        0.20   1        0        21648       21648.00    0.00        21648.00   
  69       2828008      1        2        21568        0.20   1        0        21568       21568.00    0.00        21568.00   
  70       2830036      1        1        21528        0.20   1        0        21528       21528.00    0.00        21528.00   
  71       2806659      1        4        21491        0.20   1        0        21491       21491.00    0.00        21491.00   
  72       2804626      1        9        21467        0.20   1        0        21467       21467.00    0.00        21467.00   
  73       2016223      1        10       20953        0.19   1        0        20953       20953.00    0.00        20953.00   
  74       2809682      1        5        20533        0.19   1        0        20533       20533.00    0.00        20533.00   
  75       2805260      1        4        20497        0.19   1        0        20497       20497.00    0.00        20497.00   
  76       2100518      1        8        100583       0.92   26       0        20340       3868.58     0.00        3868.58    
  77       2809547      1        5        20263        0.19   1        0        20263       20263.00    0.00        20263.00   
  78       2010142      1        4        305846       2.80   112      0        18624       2730.77     0.00        2730.77    
  79       2826281      1        2        49818        0.46   3        0        17439       16606.00    0.00        16606.00   
  80       2022543      1        1        30331        0.28   2        0        17170       15165.50    0.00        15165.50   
  81       2008116      1        4        82930        0.76   26       0        16931       3189.62     0.00        3189.62    
  82       2803760      1        3        48227        0.44   3        0        16800       16075.67    0.00        16075.67   
  83       2010143      1        3        333537       3.05   112      0        15680       2978.01     0.00        2978.01    
  84       2013739      1        15       287780       2.63   106      0        15314       2714.91     0.00        2714.91    
  85       2023624      1        3        266269       2.44   98       0        15067       2717.03     0.00        2717.03    
  86       2014702      1        9        51318        0.47   6        0        14762       8553.00     0.00        8553.00    
  87       2014703      1        9        51922        0.48   6        0        14492       8653.67     0.00        8653.67    
  88       2023620      1        3        209150       1.91   76       0        13364       2751.97     0.00        2751.97    
  89       2022914      1        1        51859        0.47   6        0        11058       8643.17     0.00        8643.17    
  90       2805211      1        1        49636        0.45   6        0        10007       8272.67     0.00        8272.67    
  91       2810793      1        5        4608         0.04   1        0        4608        4608.00     0.00        4608.00    
  92       2008420      1        4        7831         0.07   2        0        4575        3915.50     0.00        3915.50    
  93       2008117      1        3        76198        0.70   28       0        4237        2721.36     0.00        2721.36    
  94       2823788      1        4        11721        0.11   3        0        4166        3907.00     0.00        3907.00    
  95       2816382      1        1        4124         0.04   1        0        4124        4124.00     0.00        4124.00    
  96       2102523      1        8        4028         0.04   1        0        4028        4028.00     0.00        4028.00    
  97       2025200      1        1        20082        0.18   6        0        3888        3347.00     0.00        3347.00    
  98       2023627      1        3        221727       2.03   86       0        3737        2578.22     0.00        2578.22    
  99       2019017      1        3        68712        0.63   26       0        3671        2642.77     0.00        2642.77    
  100      2008120      1        4        296198       2.71   112      0        3661        2644.62     0.00        2644.62    
  101      2100540      1        12       7162         0.07   2        0        3653        3581.00     0.00        3581.00    
  102      2828748      1        2        3586         0.03   1        0        3586        3586.00     0.00        3586.00    
  103      2008118      1        3        146849       1.34   55       0        3573        2669.98     0.00        2669.98    
  104      2804586      1        2        3498         0.03   1        0        3498        3498.00     0.00        3498.00    
  105      2828876      1        1        6785         0.06   2        0        3483        3392.50     0.00        3392.50    
  106      2017971      1        10       3483         0.03   1        0        3483        3483.00     0.00        3483.00    
  107      2009243      1        2        145719       1.33   55       0        3469        2649.44     0.00        2649.44    
  108      2808698      1        4        3465         0.03   1        0        3465        3465.00     0.00        3465.00    
  109      2828877      1        1        3407         0.03   1        0        3407        3407.00     0.00        3407.00    
  110      2023625      1        3        194612       1.78   74       0        3282        2629.89     0.00        2629.89    
  111      2023622      1        3        270072       2.47   104      0        3279        2596.85     0.00        2596.85    
  112      2023621      1        4        16954        0.16   6        0        3244        2825.67     0.00        2825.67    
  113      2802081      1        1        6261         0.06   2        0        3227        3130.50     0.00        3130.50    
  114      2100540      1        12       6027         0.06   2        0        3214        3013.50     0.00        3013.50    
  115      2102523      1        8        3159         0.03   1        0        3159        3159.00     0.00        3159.00    
  116      2023617      1        3        5965         0.05   2        0        3090        2982.50     0.00        2982.50    
  117      2802205      1        3        68458        0.63   26       0        3017        2633.00     0.00        2633.00    
  118      2802026      1        1        5972         0.05   2        0        2995        2986.00     0.00        2986.00    
  119      2023614      1        3        15977        0.15   6        0        2991        2662.83     0.00        2662.83    
  120      2801347      1        5        5526         0.05   2        0        2973        2763.00     0.00        2763.00    
  121      2019016      1        3        67486        0.62   26       0        2941        2595.62     0.00        2595.62    
  122      2023613      1        3        5738         0.05   2        0        2888        2869.00     0.00        2869.00    
  123      2023616      1        3        5636         0.05   2        0        2836        2818.00     0.00        2818.00    
  124      2013075      1        8        8053         0.07   3        0        2805        2684.33     0.00        2684.33    
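
The rule profiling table above is the output a detection engineer reads to find which signatures cost the most per evaluation and never fire. The parser and checks below are an added example written for this page, not part of IDSDeathBlossom or Suricata; the six sample rows are copied from the table above (a constructed subset so the script runs offline), the column order is the one Suricata 4.0 prints, and the thresholds in `expensive_non_matching` are arbitrary tuning knobs, not values from the page.

```python
import re
from dataclasses import dataclass
from statistics import median

# Constructed sample input: six rows copied from the rule profiling table above
# (Suricata 4.0.0 rule_perf output, "Sorted by: max ticks"); the parser accepts
# the whole 124-row file unchanged.
SAMPLE_RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 4/30/2019 -- 14:00:56. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2820157      1        2        799730       7.32   2        0        648649      399865.00   0.00        399865.00
  5        2805348      1        4        1192135      10.91  26       0        76094       45851.35    0.00        45851.35
  8        2019821      1        8        57264        0.52   1        1        57264       57264.00    57264.00    0.00
  18       2010140      1        7        545002       4.99   112      0        40689       4866.09     0.00        4866.09
  101      2100540      1        12       7162         0.07   2        0        3653        3581.00     0.00        3581.00
  114      2100540      1        12       6027         0.06   2        0        3214        3013.50     0.00        3013.50
"""

@dataclass(frozen=True)
class RuleProfile:
    num: int        # row number in the sorted table
    sid: int        # "Rule" column: the signature id
    gid: int
    rev: int
    ticks: int      # total CPU ticks spent evaluating this rule
    pct: float      # share of ticks across all profiled rules
    checks: int     # how often the rule was evaluated past prefilter
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_no_match: float

# One data row: nine integers and three decimals, with the % column sixth.
ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)\s+(\d+)\s+(\d+)"
    r"\s+(\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$"
)

def parse_rule_perf(text):
    """Return a RuleProfile per data row; header, separator and date lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        f = m.groups()
        rows.append(RuleProfile(
            int(f[0]), int(f[1]), int(f[2]), int(f[3]), int(f[4]), float(f[5]),
            int(f[6]), int(f[7]), int(f[8]), float(f[9]), float(f[10]), float(f[11])))
    return rows

def inconsistent_rows(rows):
    """Row numbers whose averages do not follow from ticks / checks (a mangled paste or edit)."""
    bad = []
    for r in rows:
        if r.checks == 0 or abs(r.ticks / r.checks - r.avg_ticks) > 0.01:
            bad.append(r.num)
        elif r.matches == 0 and r.avg_no_match != r.avg_ticks:
            bad.append(r.num)
    return bad

def sorted_by_max_ticks(rows):
    """True when the rows really are in the order the table header claims."""
    return all(a.max_ticks >= b.max_ticks for a, b in zip(rows, rows[1:]))

def expensive_non_matching(rows, min_checks=10, min_avg_ticks=4000.0):
    """Rules evaluated often, costly per evaluation and never matching on this pcap:
    the first candidates for a better fast_pattern or for disabling on this sensor."""
    hits = [r for r in rows
            if r.checks >= min_checks and r.matches == 0 and r.avg_ticks >= min_avg_ticks]
    return sorted(hits, key=lambda r: r.ticks, reverse=True)

def duplicate_sids(rows):
    """sid -> row numbers, for sids that occur more than once in the table."""
    seen = {}
    for r in rows:
        seen.setdefault(r.sid, []).append(r.num)
    return {sid: nums for sid, nums in seen.items() if len(nums) > 1}

def implied_total_ticks(rows):
    """The % column is ticks / total over all rules; recover that total from rows
    whose % is large enough that its two-decimal rounding barely matters."""
    return median(r.ticks / (r.pct / 100.0) for r in rows if r.pct >= 1.0)

if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_RULE_PERF)
    print("rows:", len(rows), "sorted:", sorted_by_max_ticks(rows),
          "bad rows:", inconsistent_rows(rows),
          "implied total ticks: %.0f" % implied_total_ticks(rows))
    for r in expensive_non_matching(rows):
        print("sid %d rev %d: %d checks, avg %.0f ticks, %.2f%% of total, no matches"
              % (r.sid, r.rev, r.checks, r.avg_ticks, r.pct))
    print("duplicate sids:", duplicate_sids(rows))
```

Run against the full table, the same script reports the sids that appear twice (2100540 and 2102523 each occupy two rows above) rather than guessing why; that is something to check against the rule files before tuning either entry.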


suricata-report-2019-04-30-T-14-00-56-04302019.1400-pcap_1.pcap.txt - (17647 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f6fd17db1430981158b1de03deaeeae56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04302019.1400-pcap_1.pcap -vvv -k none
elapsedtime:23.447618
stderr:
stdout:
30/4/2019 -- 14:00:32 - <Info> - Configuration node 'rule-files' redefined.
30/4/2019 -- 14:00:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
30/4/2019 -- 14:00:32 - <Info> - CPUs/cores online: 1
30/4/2019 -- 14:00:32 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33893 and 'request-body-inspect-window' set to 16523 after randomization.
30/4/2019 -- 14:00:32 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32507 and 'response-body-inspect-window' set to 16693 after randomization.
30/4/2019 -- 14:00:32 - <Config> - DNS request flood protection level: 500
30/4/2019 -- 14:00:32 - <Config> - DNS per flow memcap (state-memcap): 524288
30/4/2019 -- 14:00:32 - <Config> - DNS global memcap: 16777216
30/4/2019 -- 14:00:32 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
30/4/2019 -- 14:00:32 - <Config> - preallocated 1000 hosts of size 136
30/4/2019 -- 14:00:32 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
30/4/2019 -- 14:00:32 - <Config> - using magic-file /usr/share/file/magic
30/4/2019 -- 14:00:32 - <Config> - Core dump size is unlimited.
30/4/2019 -- 14:00:32 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
30/4/2019 -- 14:00:32 - <Config> - preallocated 1000 defrag trackers of size 168
30/4/2019 -- 14:00:32 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
30/4/2019 -- 14:00:32 - <Config> - stream "prealloc-sessions": 2048 (per thread)
30/4/2019 -- 14:00:32 - <Config> - stream "memcap": 33554432
30/4/2019 -- 14:00:32 - <Config> - stream "midstream" session pickups: disabled
30/4/2019 -- 14:00:32 - <Config> - stream "async-oneside": disabled
30/4/2019 -- 14:00:32 - <Config> - stream "checksum-validation": disabled
30/4/2019 -- 14:00:32 - <Config> - stream."inline": disabled
30/4/2019 -- 14:00:32 - <Config> - stream "bypass": disabled
30/4/2019 -- 14:00:32 - <Config> - stream "max-synack-queued": 5
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "memcap": 134217728
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "depth": 0
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "toserver-chunk-size": 2628
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "toclient-chunk-size": 2645
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly.raw: enabled
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "segment-prealloc": 2048
30/4/2019 -- 14:00:32 - <Config> - Delayed detect disabled
30/4/2019 -- 14:00:32 - <Config> - pattern matchers: MPM: ac, SPM: bm
30/4/2019 -- 14:00:32 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
30/4/2019 -- 14:00:32 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
30/4/2019 -- 14:00:32 - <Config> - prefilter engines: MPM
30/4/2019 -- 14:00:32 - <Config> - IP reputation disabled
30/4/2019 -- 14:00:32 - <Perf> - Registered 148 keyword profiling counters.
30/4/2019 -- 14:00:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
30/4/2019 -- 14:00:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
30/4/2019 -- 14:00:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
30/4/2019 -- 14:00:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
30/4/2019 -- 14:00:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
30/4/2019 -- 14:00:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
30/4/2019 -- 14:00:38 - <Config> - No rules loaded from ET-icmp.rules.
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
30/4/2019 -- 14:00:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
30/4/2019 -- 14:00:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
30/4/2019 -- 14:00:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
30/4/2019 -- 14:00:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
30/4/2019 -- 14:00:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
30/4/2019 -- 14:00:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
30/4/2019 -- 14:00:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
30/4/2019 -- 14:00:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
30/4/2019 -- 14:00:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
30/4/2019 -- 14:00:45 - <Config> - No rules loaded from local.rules.
30/4/2019 -- 14:00:45 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
30/4/2019 -- 14:00:45 - <Info> - Threshold config parsed: 0 rule(s) found
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tcp-packet
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tcp-stream
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for udp-packet
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for other-ip
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_uri
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_request_line
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_client_body
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_response_line
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_header
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_header
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_header_names
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_header_names
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_accept
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_accept_enc
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_accept_lang
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_referer
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_connection
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_content_len
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_content_len
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_content_type
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_content_type
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_protocol
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_protocol
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_start
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_start
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_raw_header
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_raw_header
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_method
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_cookie
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_cookie
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_raw_uri
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_user_agent
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_host
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_raw_host
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_stat_msg
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_stat_code
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for dns_query
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tls_sni
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tls_cert_issuer
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tls_cert_subject
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for tls_cert_serial
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for dce_stub_data
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for dce_stub_data
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for ssh_protocol
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for ssh_protocol
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for ssh_software
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for ssh_software
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for file_data
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for file_data
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_request_line
30/4/2019 -- 14:00:46 - <Perf> - using shared mpm ctx' for http_response_line
30/4/2019 -- 14:00:46 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
30/4/2019 -- 14:00:46 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
30/4/2019 -- 14:00:46 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
30/4/2019 -- 14:00:46 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
30/4/2019 -- 14:00:46 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
30/4/2019 -- 14:00:46 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
30/4/2019 -- 14:00:46 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
30/4/2019 -- 14:00:46 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
30/4/2019 -- 14:00:52 - <Perf> - Unique rule groups: 104
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toserver TCP packet": 35
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toclient TCP packet": 17
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toserver TCP stream": 33
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toclient TCP stream": 19
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toserver UDP packet": 27
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "toclient UDP packet": 17
30/4/2019 -- 14:00:52 - <Perf> - Builtin MPM "other IP packet": 3
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_uri": 14
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_request_line": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_client_body": 6
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_response_line": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_header": 10
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_header": 6
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_header_names": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_accept": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_referer": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_content_len": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_content_type": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_content_type": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_protocol": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_start": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_method": 5
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_cookie": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_cookie": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver http_host": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver dns_query": 4
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver tls_sni": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toserver file_data": 1
30/4/2019 -- 14:00:52 - <Perf> - AppLayer MPM "toclient file_data": 7
30/4/2019 -- 14:00:55 - <Perf> - Registered 39590 rule profiling counters.
30/4/2019 -- 14:00:55 - <Info> - fast output device (regular) initialized: alert
30/4/2019 -- 14:00:55 - <Info> - eve-log output device (regular) initialized: eve.json
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'alert'
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'http'
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'dns'
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'tls'
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'files'
30/4/2019 -- 14:00:55 - <Config> - enabling 'eve-log' module 'ssh'
30/4/2019 -- 14:00:55 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
30/4/2019 -- 14:00:55 - <Info> - stats output device (regular) initialized: stats.log
30/4/2019 -- 14:00:55 - <Config> - AutoFP mode using "Hash" flow load balancer
30/4/2019 -- 14:00:55 - <Info> - reading pcap file /var/pcap/04302019.1400-pcap_1.pcap
30/4/2019 -- 14:00:55 - <Config> - using 1 flow manager threads
30/4/2019 -- 14:00:55 - <Config> 

This file has been truncated.
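
Before trusting the alert list from a run like the one logged above, a reviewer wants the startup log reduced to the settings that decide what the engine could and could not see: `-k none` and `checksum-validation: disabled`, `midstream` and `async-oneside` disabled, reassembly depth 0 (no limit), which rule files contributed nothing, and the loaded/failed counts. The script below is an added example written for this page, not IDSDeathBlossom's or Suricata's own code; its sample input is copied from the Suricata 4.0.0 `-vvv` output above (a constructed subset), and the regular expressions assume the 4.0 wording of those lines, which other releases may phrase differently.

```python
import re

# Constructed sample: lines copied from the Suricata 4.0.0 -vvv startup output
# above (the suricata-report file), cut down to the lines this example reads.
SAMPLE_STARTUP_LOG = """\
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f6fd17db1430981158b1de03deaeeae56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04302019.1400-pcap_1.pcap -vvv -k none
30/4/2019 -- 14:00:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
30/4/2019 -- 14:00:32 - <Config> - stream "memcap": 33554432
30/4/2019 -- 14:00:32 - <Config> - stream "midstream" session pickups: disabled
30/4/2019 -- 14:00:32 - <Config> - stream "async-oneside": disabled
30/4/2019 -- 14:00:32 - <Config> - stream "checksum-validation": disabled
30/4/2019 -- 14:00:32 - <Config> - stream."inline": disabled
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "memcap": 134217728
30/4/2019 -- 14:00:32 - <Config> - stream.reassembly "depth": 0
30/4/2019 -- 14:00:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
30/4/2019 -- 14:00:38 - <Config> - No rules loaded from ET-icmp.rules.
30/4/2019 -- 14:00:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
30/4/2019 -- 14:00:45 - <Config> - No rules loaded from local.rules.
30/4/2019 -- 14:00:45 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
30/4/2019 -- 14:00:46 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
"""

# Line shapes as Suricata 4.0 prints them (assumed from the log above).
VERSION = re.compile(r"This is Suricata version (\S+)")
STREAM_SETTING = re.compile(r'stream(\.reassembly)?\.?\s*"([\w-]+)"[^:]*:\s*(\S+)')
NO_RULES = re.compile(r"No rules loaded from (\S+)\.$")
RULES_LOADED = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
SIGNATURES = re.compile(r"(\d+) signatures processed\. (\d+) are IP-only rules, (\d+) are inspecting packet payload, "
                        r"(\d+) inspect application layer, (\d+) are decoder event only")
CHECKSUM_FLAG = re.compile(r"(?:^|\s)-k\s+(all|none)\b")

def parse_startup_log(text):
    """Reduce the startup log to the facts a reviewer checks before trusting the alerts."""
    s = {"version": None, "checksum_flag": None, "stream": {}, "empty_rule_files": [],
         "rule_files": None, "rules_loaded": None, "rules_failed": None, "signatures": None}
    for line in text.splitlines():
        if line.startswith("lastcmd:"):
            m = CHECKSUM_FLAG.search(line)
            s["checksum_flag"] = m.group(1) if m else None
            continue
        m = VERSION.search(line)
        if m:
            s["version"] = m.group(1)
            continue
        m = STREAM_SETTING.search(line)
        if m:  # stream.reassembly keys get a prefix so the two "memcap" lines stay apart
            s["stream"][("reassembly." if m.group(1) else "") + m.group(2)] = m.group(3)
            continue
        m = NO_RULES.search(line)
        if m:
            s["empty_rule_files"].append(m.group(1))
            continue
        m = RULES_LOADED.search(line)
        if m:
            s["rule_files"], s["rules_loaded"], s["rules_failed"] = map(int, m.groups())
            continue
        m = SIGNATURES.search(line)
        if m:
            total, ip_only, payload, app, dec = map(int, m.groups())
            s["signatures"] = {"total": total, "ip_only": ip_only, "payload": payload,
                               "app_layer": app, "decoder_event": dec}
    return s

def review(s):
    """(setting, value, consequence) for settings that change what this run can see."""
    st = s["stream"]
    out = []
    if s["checksum_flag"] == "none":
        out.append(("-k none", "none", "checksum checks forced off: packets with bad checksums "
                    "(typical of NIC offload in captures) are still decoded and inspected"))
    if st.get("checksum-validation") == "disabled":
        out.append(("stream.checksum-validation", "disabled", "segments a receiving host would drop "
                    "for a bad checksum are still reassembled, so an insertion-style evasion is not filtered out"))
    if st.get("midstream") == "disabled":
        out.append(("stream.midstream", "disabled", "sessions whose handshake is not in the capture "
                    "are not tracked; traffic that began before the pcap started is not inspected"))
    if st.get("async-oneside") == "disabled":
        out.append(("stream.async-oneside", "disabled", "flows seen in one direction only are not tracked"))
    if st.get("reassembly.depth") == "0":
        out.append(("stream.reassembly.depth", "0", "0 means no limit: whole streams are reassembled, "
                    "bounded only by reassembly.memcap"))
    if s["empty_rule_files"]:
        out.append(("rule files", ", ".join(s["empty_rule_files"]),
                    "loaded but contributed no rules; confirm they are meant to be empty"))
    if s["rules_failed"]:
        out.append(("rules failed", str(s["rules_failed"]),
                    "rules that did not parse are absent from detection; see the error lines above them"))
    return out

if __name__ == "__main__":
    summary = parse_startup_log(SAMPLE_STARTUP_LOG)
    print("Suricata", summary["version"], "rules:", summary["rules_loaded"],
          "failed:", summary["rules_failed"], "signatures:", summary["signatures"])
    for setting, value, why in review(summary):
        print("%-28s %-26s %s" % (setting, value, why))
```

For offline pcap analysis these settings are usually deliberate: `-k none` keeps packets with offload-mangled checksums, and midstream pickup stays off so half-seen flows do not produce noise. The point of the check is that they are recorded next to the alerts, so a missing detection can be traced to a handshake outside the capture rather than to the ruleset.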


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-04-30 14:00:32,122 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-30 14:00:32,890 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-30 14:00:32,890 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-30 14:00:32,891 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-30 14:00:32,891 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-30 14:00:32,891 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f6fd17db1430981158b1de03deaeeae56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04302019.1400-pcap_1.pcap -vvv -k none
2019-04-30 14:00:56,341 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-30 14:00:56,342 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.2347519398