Filename: pcap (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.5142319202 seconds
Hash: 9f8aaac364cca3d21ee8451e99231bfd
Uploaded: 1544457275 (Unix epoch; 2018-12-10 15:54:35 UTC)

Logfiles


packet_stats.log - (16780 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             2         62541935     1012719924     537630929          1.1b    0.02
 IPv4       2            14          8479436       83956796      31845888        445.8m    0.01
 IPv4       6          6228          5291480     1315369003     767576155       4780.5b   99.18
 IPv4      17           148          9523469     1319480285     256996325         38.0b    0.79
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             2           168111         365002        266556        533.1k    0.03
TMM_FLOWWORKER              IPv4       2            14            89803         312402        125144          1.8m    0.11
TMM_FLOWWORKER              IPv4       6          6228            67962       12987073        235703          1.5b   90.49
TMM_FLOWWORKER              IPv4      17           148           125810       19407111        548847         81.2m    5.01
TMM_RECEIVEPCAPFILE         IPv4       1             2             2552           2890          2721          5.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            14             2540           3402          2929         41.0k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          6227             2540       11735996          5744         35.8m    2.20
TMM_RECEIVEPCAPFILE         IPv4      17           148             2546          29172          3122        462.1k    0.03
TMM_DECODEPCAPFILE          IPv4       1             2             4078          17001         10539         21.1k    0.00
TMM_DECODEPCAPFILE          IPv4       2            14             2663           9720          3449         48.3k    0.00
TMM_DECODEPCAPFILE          IPv4       6          6227             2650        5038745          5440         33.9m    2.09
TMM_DECODEPCAPFILE          IPv4      17           148             2661          15350          3204        474.2k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1             2             3288           4874          4081          8.2k  0.00  
flow                    IPv4       6          6227             2816         389126          3618         22.5m  1.59  
flow                    IPv4      17           148             2820          14643          3801        562.6k  0.04  
stream                  IPv4       6          6228             2708        5703412          7369         45.9m  3.25  
app-layer               IPv4      17           148             2529          71403          8820          1.3m  0.09  
detect                  IPv4       1             2           154302         237764        196033        392.1k  0.03  
detect                  IPv4       2            14            84229         306243        119030          1.7m  0.12  
detect                  IPv4       6          6228            45200       12862949        201585          1.3b  88.86 
detect                  IPv4      17           148           109006       19378912        436411         64.6m  4.57  
tcp-prune               IPv4       6          6228             2544         115917          3280         20.4m  1.45  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             4             5850          39043         20031         80.1k  19.01 
dns                     IPv4      17            49             3858          48863          6965        341.3k  80.99 
Proto detect            IPv4      17            54             2813           9767          5435        293.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       1             1            23642          23642         23642         23.6k  0.16  
LOGGER_ALERT_FAST           IPv4       6             3            43833          85813         59192        177.6k  1.19  
LOGGER_ALERT_FAST           IPv4      17             4            16826          63962         32574        130.3k  0.87  
LOGGER_UNIFIED2             IPv4       1             1            24632          24632         24632         24.6k  0.16  
LOGGER_UNIFIED2             IPv4       6             3            42251         266028        130808        392.4k  2.63  
LOGGER_UNIFIED2             IPv4      17             4            18817         110123         47651        190.6k  1.28  
LOGGER_JSON_ALERT           IPv4       1             1            51603          51603         51603         51.6k  0.35  
LOGGER_JSON_ALERT           IPv4       6             3            77719          92315         85908        257.7k  1.73  
LOGGER_JSON_ALERT           IPv4      17             4            37889          94445         61434        245.7k  1.65  
LOGGER_JSON_DNS             IPv4      17            46            26527        8978215        263307         12.1m  81.12 
LOGGER_JSON_HTTP            IPv4       6             4            96342         186163        150469        601.9k  4.03  
LOGGER_JSON_FILE            IPv4       6             6            71552         198902        120436        722.6k  4.84  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             2            16966          18598         17782        35.6k  0.01  
payload                           IPv4       6          5328             2687         726068         18172        96.8m  23.47 
payload                           IPv4      17           148             3234        6622427         58508         8.7m  2.10  
stream                            IPv4       6          5328             2523        1840251         22718       121.0m  29.34 
http_uri                          IPv4       6             4            12531          29769         18966        75.9k  0.02  
http_request_line                 IPv4       6             4             7747          11574          9671        38.7k  0.01  
http_client_body                  IPv4       6             8             2658         385897         53114       424.9k  0.10  
http_header (request)             IPv4       6             4            56980          68749         64020       256.1k  0.06  
http_header (request trailer)     IPv4       6             4             2603           3411          2833        11.3k  0.00  
http_header_names (request)       IPv4       6             4            14564          18209         16341        65.4k  0.02  
http_accept (request)             IPv4       6             4             3533           3711          3623        14.5k  0.00  
http_referer (request)            IPv4       6             4             3149           3216          3195        12.8k  0.00  
http_content_len (request)        IPv4       6             4             3341           5426          4326        17.3k  0.00  
http_content_type (request)       IPv4       6             4             3104           4064          3619        14.5k  0.00  
http_protocol (request)           IPv4       6             4             5456           6268          5735        22.9k  0.01  
http_start (request)              IPv4       6             4            13164          14702         14099        56.4k  0.01  
http_raw_header (request)         IPv4       6             8             4271          15229         10183        81.5k  0.02  
http_method                       IPv4       6             4             6406           9187          7468        29.9k  0.01  
http_cookie (request)             IPv4       6             4             3150           3402          3296        13.2k  0.00  
http_raw_uri                      IPv4       6             4             5298           6330          5813        23.3k  0.01  
http_user_agent                   IPv4       6             4            27646          30262         28593       114.4k  0.03  
http_host                         IPv4       6             4             8795          10322          9852        39.4k  0.01  
dns_query                         IPv4      17            24             3455          15273          9541       229.0k  0.06  
http_response_line                IPv4       6             4             8521          11508         10015        40.1k  0.01  
http_header (response)            IPv4       6             4            36706          67141         49729       198.9k  0.05  
http_header (response trailer)    IPv4       6             4             2624          46276         14202        56.8k  0.01  
http_content_type (response)      IPv4       6             4             9707          12563         11761        47.0k  0.01  
http_raw_header (response)        IPv4       6          5290             3629          91565          4421        23.4m  5.67  
http_cookie (response)            IPv4       6             4             3393           3866          3647        14.6k  0.00  
http_stat_code                    IPv4       6             4             4430           4699          4534        18.1k  0.00  
file_data (http response)         IPv4       6          5286             2564        9988302         30396       160.7m  38.95 
Total                             IPv4                 21510                                         19179       412.5m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1             2            61913         121518         91715        183.4k  0.01  
PROF_DETECT_IPONLY          IPv4       2            14            36873         198323         61466        860.5k  0.05  
PROF_DETECT_IPONLY          IPv4       6             6            12061          90553         48346        290.1k  0.02  
PROF_DETECT_IPONLY          IPv4      17            56            17192         190878         55920          3.1m  0.18  
PROF_DETECT_RULES           IPv4       1             2             9604          19058         14331         28.7k  0.00  
PROF_DETECT_RULES           IPv4       2            14             2541           2917          2643         37.0k  0.00  
PROF_DETECT_RULES           IPv4       6          6228             2532        6317871         43109        268.5m  15.15 
PROF_DETECT_RULES           IPv4      17           148            49910       19311888        278753         41.3m  2.33  
PROF_DETECT_STATEFUL_START    IPv4       6          1080             5105        3463708         64188         69.3m  3.91  
PROF_DETECT_STATEFUL_START    IPv4      17             4             9889          13838         12155         48.6k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       1             2             2789           3176          2982          6.0k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2519           2997          2667         37.3k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          6228             2538         442296          9875         61.5m  3.47  
PROF_DETECT_STATEFUL_CONT    IPv4      17           148             2515          70136          4761        704.7k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          6215             2547         403470          3171         19.7m  1.11  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            46             2620          99801          5263        242.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             2            33430          38223         35826         71.7k  0.00  
PROF_DETECT_PREFILTER       IPv4       2            14             7874          17936          9203        128.8k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          6228             7957       11800200        105075        654.4m  36.93 
PROF_DETECT_PREFILTER       IPv4      17           148            24189        6655023         87676         13.0m  0.73  
PROF_DETECT_PF_PAYLOAD      IPv4       1             2            22035          24599         23317         46.6k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6          5328            18490        6949769         52199        278.1m  15.70 
PROF_DETECT_PF_PAYLOAD      IPv4      17           148             8294        6629105         64649          9.6m  0.54  
PROF_DETECT_PF_TX           IPv4       6          6215             2551       10006376         38593        239.9m  13.54 
PROF_DETECT_PF_TX           IPv4      17            24             8784          21145         15570        373.7k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          2298             2518         169896          3367          7.7m  0.44  
PROF_DETECT_PF_SORT1        IPv4      17           148             2640           6830          3709        549.0k  0.03  
PROF_DETECT_PF_SORT2        IPv4       1             2             3023           3507          3265          6.5k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            14             2518           3589          2702         37.8k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          6228             2520          77621          3089         19.2m  1.09  
PROF_DETECT_PF_SORT2        IPv4      17           148             2558          42376          3489        516.4k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       1             2             2818           3341          3079          6.2k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2586           3380          2792         39.1k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          6228             2528          89448          3212         20.0m  1.13  
PROF_DETECT_NONMPMLIST      IPv4      17           148             2531          36105          3365        498.1k  0.03  
PROF_DETECT_ALERT           IPv4       1             2            13857          17387         15622         31.2k  0.00  
PROF_DETECT_ALERT           IPv4       2            14             2546           3277          2675         37.5k  0.00  
PROF_DETECT_ALERT           IPv4       6          6228             2521          83048          2972         18.5m  1.04  
PROF_DETECT_ALERT           IPv4      17           148             2536          28574          3197        473.2k  0.03  
PROF_DETECT_CLEANUP         IPv4       1             2             2803           3363          3083          6.2k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            14             2518           2827          2579         36.1k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          6228             2567        1745195          3421         21.3m  1.20  
PROF_DETECT_CLEANUP         IPv4      17           148             2518          17253          3257        482.1k  0.03  
PROF_DETECT_GETSGH          IPv4       1             2             2785           3205          

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2018-12-10-T-15-55-00-12102018.1554-pcap_1.pcap.txt - (1708 bytes)
11/25/2018-20:05:28.476861  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:60304 -> 151.80.147.153:53
11/25/2018-20:05:28.554472  [**] [1:2522300:3321] ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151 [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 151.80.147.153:3 -> 192.168.56.106:3
11/25/2018-20:05:28.559757  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:55938 -> 91.217.137.44:53
11/25/2018-20:05:41.821511  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:62174 -> 151.80.147.153:53
11/25/2018-20:05:41.905067  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:56874 -> 91.217.137.44:53
11/25/2018-20:05:43.817207  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.106:49200 -> 185.162.131.18:80
11/25/2018-20:05:44.062006  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 185.162.131.18:80 -> 192.168.56.106:49200
11/25/2018-20:05:45.045031  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.106:49200 -> 185.162.131.18:80
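The eight fast.log lines above tell one story when pivoted on the monitored host: 192.168.56.106 queries .bit (Namecoin) names at two resolvers, the first resolver answers with ICMP 3/3 (fast.log puts the ICMP type and code in the port positions, so 151.80.147.153:3 -> 192.168.56.106:3 is destination unreachable / port unreachable, and that packet is what tripped the IP-list Tor relay signature), then about two seconds after the last DNS alert the host fetches a terse executable name from 185.162.131.18 and receives a PE. The parser and correlation below are an added example, not part of this report or of Suricata; the function names, the `sequence_gap` heuristic and the private/external split are my own, and the sample input is the report's own alert lines copied verbatim.

```python
"""Parse Suricata fast.log alerts and pivot them around one monitored host.

Added example: the function names and the correlation logic are mine,
not part of the report or of Suricata.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address

# Sample input: the eight alert lines from the report's fast.log, verbatim.
FAST_LOG = """\
11/25/2018-20:05:28.476861  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:60304 -> 151.80.147.153:53
11/25/2018-20:05:28.554472  [**] [1:2522300:3321] ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151 [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 151.80.147.153:3 -> 192.168.56.106:3
11/25/2018-20:05:28.559757  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:55938 -> 91.217.137.44:53
11/25/2018-20:05:41.821511  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:62174 -> 151.80.147.153:53
11/25/2018-20:05:41.905067  [**] [1:2017645:3] ET CURRENT_EVENTS DNS Query Domain .bit [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.106:56874 -> 91.217.137.44:53
11/25/2018-20:05:43.817207  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.106:49200 -> 185.162.131.18:80
11/25/2018-20:05:44.062006  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 185.162.131.18:80 -> 192.168.56.106:49200
11/25/2018-20:05:45.045031  [**] [1:2019714:10] ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.106:49200 -> 185.162.131.18:80
"""

# One fast.log record: timestamp, [gid:sid:rev], message, classification,
# priority, {proto}, src:port -> dst:port. For ICMP the "ports" are type and code.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+):(?P<sp>\d+)\s+->\s+(?P<dst>\S+):(?P<dp>\d+)\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sp: int
    dst: str
    dp: int


def parse_fast_log(text):
    """Parse every non-empty line; a line that does not fit the format is an error, not silently dropped."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FAST_RE.match(line)
        if m is None:
            raise ValueError("unrecognised fast.log line: " + line)
        g = m.groupdict()
        alerts.append(Alert(
            ts=datetime.strptime(g["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
            msg=g["msg"], classification=g["cls"], priority=int(g["prio"]),
            proto=g["proto"], src=g["src"], sp=int(g["sp"]),
            dst=g["dst"], dp=int(g["dp"]),
        ))
    return alerts


def peer_of(alert, host):
    """The other endpoint of an alert that involves `host`, else None."""
    if alert.src == host:
        return alert.dst
    return alert.src if alert.dst == host else None


def sid_counts(alerts):
    """Alerts per signature id, the key you tune or triage on."""
    return Counter(a.sid for a in alerts)


def host_timeline(alerts, host):
    """Chronological (iso timestamp, sid, peer, 'out'|'in') rows for one host."""
    rows = []
    for a in sorted(alerts, key=lambda a: a.ts):
        peer = peer_of(a, host)
        if peer is not None:
            rows.append((a.ts.isoformat(timespec="microseconds"), a.sid, peer,
                         "out" if a.src == host else "in"))
    return rows


def external_peers(alerts, host):
    """Non-RFC1918/loopback addresses that exchanged alerting traffic with `host`."""
    peers = {peer_of(a, host) for a in alerts}
    return sorted(p for p in peers if p is not None and not ip_address(p).is_private)


def alert_span_seconds(alerts, host):
    """Seconds between the first and last alert involving `host`."""
    ts = [a.ts for a in alerts if peer_of(a, host) is not None]
    return (max(ts) - min(ts)).total_seconds() if ts else 0.0


def sequence_gap(alerts, host, first_sid, second_sid, window_s):
    """Seconds from the latest `first_sid` alert to the first `second_sid` alert that
    follows it on `host` within `window_s`; None if the pair never occurs."""
    last_first = None
    for a in sorted(alerts, key=lambda a: a.ts):
        if peer_of(a, host) is None:
            continue
        if a.sid == first_sid:
            last_first = a.ts
        elif a.sid == second_sid and last_first is not None:
            gap = (a.ts - last_first).total_seconds()
            if gap <= window_s:
                return gap
    return None


HOST = "192.168.56.106"
ALERTS = parse_fast_log(FAST_LOG)
```

Run as a module, `sequence_gap(ALERTS, HOST, 2017645, 2018959, 60)` returns the gap between the last .bit query and the PE download, and `external_peers` gives the three addresses worth blocking or pivoting on in other logs. The regex uses a greedy `\S+` before the port so it also copes with IPv6 addresses, which carry their own colons.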


suricata-4.0.0-etpro-all-perf.txt-2018-12-10-T-15-55-00-12102018.1554-pcap_1.pcap.txt - (66775 bytes)
  --------------------------------------------------------------------------
  Date: 12/10/2018 -- 15:55:00. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2008120      1        4        19595932     8.25   136      0        19216879    144087.74   0.00        144087.74  
  2        2018477      1        1        7118556      3.00   253      0        6284991     28136.58    0.00        28136.58   
  3        2013075      1        8        2929455      1.23   24       0        2862389     122060.62   0.00        122060.62  
  4        2020181      1        8        1606424      0.68   2        0        1569093     803212.00   0.00        803212.00  
  5        2819664      1        2        13050102     5.50   54       0        716097      241668.56   0.00        241668.56  
  6        2020865      1        3        2873068      1.21   16       0        582561      179566.75   0.00        179566.75  
  7        2803027      1        6        5658111      2.38   46       0        543007      123002.41   0.00        123002.41  
  8        2820158      1        2        10505841     4.42   41       0        526554      256240.02   0.00        256240.02  
  9        2820157      1        2        11138757     4.69   41       0        512380      271677.00   0.00        271677.00  
  10       2802991      1        5        2020423      0.85   14       0        509019      144315.93   0.00        144315.93  
  11       2819930      1        2        12380352     5.21   54       0        504677      229265.78   0.00        229265.78  
  12       2804927      1        2        1143103      0.48   36       0        500246      31752.86    0.00        31752.86   
  13       2804907      1        3        2116465      0.89   29       0        496783      72981.55    0.00        72981.55   
  14       2802987      1        5        5449623      2.29   63       0        478044      86501.95    0.00        86501.95   
  15       2801930      1        7        4668946      1.97   47       0        466218      99339.28    0.00        99339.28   
  16       2803657      1        5        1538407      0.65   50       0        464793      30768.14    0.00        30768.14   
  17       2804906      1        3        1382162      0.58   19       0        462706      72745.37    0.00        72745.37   
  18       2804911      1        3        4099420      1.73   42       0        445862      97605.24    0.00        97605.24   
  19       2801929      1        7        4839033      2.04   47       0        440412      102958.15   0.00        102958.15  
  20       2020661      1        3        891095       0.38   145      0        387316      6145.48     0.00        6145.48    
  21       2816510      1        3        342554       0.14   1        0        342554      342554.00   0.00        342554.00  
  22       2018789      1        3        570586       0.24   2        0        321627      285293.00   0.00        285293.00  
  23       2802035      1        4        250813       0.11   1        0        250813      250813.00   0.00        250813.00  
  24       2819940      1        3        236292       0.10   1        0        236292      236292.00   0.00        236292.00  
  25       2016855      1        2        330315       0.14   2        0        235822      165157.50   0.00        165157.50  
  26       2812433      1        2        353027       0.15   6        0        200298      58837.83    0.00        58837.83   
  27       2021151      1        1        640304       0.27   153      0        194916      4184.99     0.00        4184.99    
  28       2020780      1        2        188578       0.08   1        0        188578      188578.00   0.00        188578.00  
  29       2018069      1        1        184642       0.08   1        0        184642      184642.00   0.00        184642.00  
  30       2018013      1        3        176853       0.07   1        0        176853      176853.00   0.00        176853.00  
  31       2016854      1        3        279039       0.12   2        0        173839      139519.50   0.00        139519.50  
  32       2829848      1        2        195050       0.08   2        0        166582      97525.00    0.00        97525.00   
  33       2819659      1        4        160734       0.07   1        0        160734      160734.00   0.00        160734.00  
  34       2018342      1        2        151472       0.06   1        0        151472      151472.00   0.00        151472.00  
  35       2008575      1        5        3670421      1.55   654      0        144494      5612.26     0.00        5612.26    
  36       2819933      1        2        141103       0.06   1        0        141103      141103.00   0.00        141103.00  
  37       2019714      1        10       209989       0.09   2        2        129173      104994.50   104994.50   0.00       
  38       2018358      1        7        380730       0.16   4        0        129164      95182.50    0.00        95182.50   
  39       2018077      1        5        127378       0.05   1        0        127378      127378.00   0.00        127378.00  
  40       2020613      1        3        122981       0.05   1        0        122981      122981.00   0.00        122981.00  
  41       2020826      1        7        189146       0.08   2        0        121220      94573.00    0.00        94573.00   
  42       2019083      1        2        145465       0.06   2        0        119410      72732.50    0.00        72732.50   
  43       2023626      1        3        394777       0.17   100      0        117628      3947.77     0.00        3947.77    
  44       2020692      1        1        112103       0.05   1        0        112103      112103.00   0.00        112103.00  
  45       2805912      1        2        494431       0.21   136      0        108262      3635.52     0.00        3635.52    
  46       2020612      1        3        180046       0.08   3        0        108216      60015.33    0.00        60015.33   
  47       2020773      1        2        157024       0.07   2        0        107163      78512.00    0.00        78512.00   
  48       2020763      1        2        102728       0.04   1        0        102728      102728.00   0.00        102728.00  
  49       2014353      1        6        152910       0.06   2        0        101971      76455.00    0.00        76455.00   
  50       2017934      1        4        100396       0.04   1        0        100396      100396.00   0.00        100396.00  
  51       2020778      1        2        98422        0.04   1        0        98422       98422.00    0.00        98422.00   
  52       2020789      1        2        98175        0.04   1        0        98175       98175.00    0.00        98175.00   
  53       2816165      1        5        258109       0.11   8        0        98118       32263.62    0.00        32263.62   
  54       2017914      1        2        97803        0.04   1        0        97803       97803.00    0.00        97803.00   
  55       2012981      1        5        157040       0.07   2        0        97744       78520.00    0.00        78520.00   
  56       2806802      1        2        2121244      0.89   81       0        97567       26188.20    0.00        26188.20   
  57       2016537      1        2        14077861     5.93   881      0        94286       15979.41    0.00        15979.41   
  58       2017613      1        9        189501       0.08   4        0        93622       47375.25    0.00        47375.25   
  59       2828008      1        2        189157       0.08   4        0        93536       47289.25    0.00        47289.25   
  60       2806189      1        4        112226       0.05   2        0        89068       56113.00    0.00        56113.00   
  61       2010140      1        7        758945       0.32   134      0        88646       5663.77     0.00        5663.77    
  62       2017548      1        6        118599       0.05   9        0        87941       13177.67    0.00        13177.67   
  63       2022896      1        5        129750       0.05   2        0        87484       64875.00    0.00        64875.00   
  64       2018639      1        2        86475        0.04   1        0        86475       86475.00    0.00        86475.00   
  65       2014819      1        3        165824       0.07   2        0        86372       82912.00    0.00        82912.00   
  66       2022989      1        2        86362        0.04   1        0        86362       86362.00    0.00        86362.00   
  67       2018010      1        5        149248       0.06   4        0        82456       37312.00    0.00        37312.00   
  68       2803139      1        3        82353        0.03   1        0        82353       82353.00    0.00        82353.00   
  69       2019345      1        2        1562258      0.66   34       0        81945       45948.76    0.00        45948.76   
  70       2802880      1        3        81902        0.03   1        0        81902       81902.00    0.00        81902.00   
  71       2017552      1        6        13372047     5.63   885      0        81837       15109.66    0.00        15109.66   
  72       2815942      1        2        134645       0.06   2        0        81159       67322.50    0.00        67322.50   
  73       2805348      1        4        546911       0.23   10       0        79244       54691.10    0.00        54691.10   
  74       2019094      1        5        183368       0.08   6        0        79075       30561.33    0.00        30561.33   
  75       2001330      1        8        14039866     5.91   4581     0        75114       3064.80     0.00        3064.80    
  76       2807440      1        3        166940       0.07   6        0        73994       27823.33    0.00        27823.33   
  77       2807970      1        8        159599       0.07   6        0        73677       26599.83    0.00        26599.83   
  78       2816530      1        2        133313       0.06   2        0        73591       66656.50    0.00        66656.50   
  79       2827279      1        5        173344       0.07   4        0        73441       43336.00    0.00        43336.00   
  80       2809363      1        3        147783       0.06   6        0        70223       24630.50    0.00        24630.50   
  81       2014130      1        2        1330643      0.56   437      0        69800       3044.95     0.00        3044.95    
  82       2024909      1        2        616743       0.26   23       0        69301       26814.91    0.00        26814.91   
  83       2816909      1        2        245284       0.10   4        0        67973       61321.00    0.00        61321.00   
  84       2016141      1        5        115711       0.05   2        0        67498       57855.50    0.00        57855.50   
  85       2013352      1        4        127821       0.05   2        0        67280       63910.50    0.00        63910.50   
  86       2816925      1        3        148651       0.06   4        0        66151       37162.75    0.00        37162.75   
  87       2008297      1        5        697268       0.29   216      0        66050       3228.09     0.00        3228.09    
  88       2816928      1        3        156601       0.07   4        0        65936       39150.25    0.00        39150.25   
  89       2022658      1        4        101849       0.04   2        0        65788       50924.50    0.00        50924.50   
  90       2815102      1        2        119003       0.05   2        0        65376       59501.50    0.00        59501.50   
  91       2022901      1        2        135714       0.06   6        0        64310       22619.00    0.00        22619.00   
  92       2816910      1        2        226509       0.10   4        0        63773       56627.25    0.00        56627.25   
  93       2014519      1        7        729795       0.31   34       0        63406       21464.56    0.00        21464.56   
  94       2020768      1        2        62908        0.03   1        0        62908       62908.00    0.00        62908.00   
  95       2019344      1        5        184649       0.08   4        2        62654       46162.25    62535.50    29789.00   
  96       2016858      1        10       200832       0.08   8        0        62420       25104.00    0.00        25104.00   
  97       2816327      1        4        170622       0.07   4        0        62188       42655.50    0.00        42655.50   
  98       2821561      1        2        214136       0.09   4        0        61307       53534.00    0.00        53534.00   
  99       2018241      1        2        110446       0.05   2        0        59603       55223.00    0.00        55223.00   
  100      2024829      1        2        533080       0.22   21       0        58324       25384.76    0.00        25384.76   
  101      2816929      1        4        187787       0.08   4        0        57347       46946.75    0.00        46946.75   
  102      2821569      1        7        93566        0.04   2        0        57014       46783.00    0.00        46783.00   
  103      2010143      1        3        639849       0.27   134      0        56266       4774.99     0.00        4774.99    
  104      2014701      1        12       608193       0.26   46       0        56006       13221.59    0.00        13221.59   
  105      2018983      1        7        137764       0.06   4        0        55675       34441.00    0.00        34441.00   
  106      2816922      1        5        137657       0.06   4        0        55367       34414.25    0.00        34414.25   
  107      2820851      1        5        186299       0.08   4        0        55229       46574.75    0.00        46574.75   
  108      2018959      1        3        70715        0.03   2        1        55028       35357.50    55028.00    15687.00   
  109      2017261      1        3        100879       0.04   2        0        55010       50439.50    0.00        50439.50   
  110      2828877      1        1        898109       0.38   300      0        54892       2993.70     0.00        2993.70    
  111      2816940      1        2        214711       0.09   4        0        54859       53677.75    0.00        53677.75   
  112      2024771      1        1        4500813      1.90   1251     0        54584       3597.77     0.00        3597.77    
  113      2018121      1        4        83010        0.03   2        0        53688       41505.00    0.00        41505.00   
  114      2024777      1        2        1720327      0.72   528      0        53339       3258.20     0.00        3258.20    
  115      2022550      1        16       85668        0.04   2        0        52577       42834.00    0.00        42834.00   
  116      2016499      1        14       80930        0.03   2        0        52272       40465.00    0.00        40465.00   
  117      2009028      1        11       98835        0.04   2        0        52083       49417.50    0.00        49417.50   
  118      2023083      1        2        82699        0.03   2        0        51920       41349.50    0.00        41349.50   
  119      2018375      1        3        1526854      0.64   114      0        51206       13393.46    0.00        13393.46   
  120      2816927      1        3        135017       0.06   4        0        51203       33754.25    0.00        33754.25   
  121      2809850      1        2        256347       0.11   10       0        50974       25634.70    0.00        25634.70   
  122      2016029      1        3        91834        0.04   2        0        50588       45917.00    0.00        45917.00   
  123      2022552      1        2        708672       0.30   28       0        50366       25309.71    0.00        25309.71   
  124      2804508      1        2        90501        0.04   2        0        49894       45250.50    0.00        45250.50   
  125      2810481      1        4        

This file has been truncated.


suricata-report-2018-12-10-T-15-55-00-12102018.1554-pcap_1.pcap.txt - (17973 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f8aaac364cca3d21ee8451e99231bfd56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12102018.1554-pcap_1.pcap -vvv -k none
elapsedtime:23.529832
stderr:
stdout:
10/12/2018 -- 15:54:36 - <Info> - Configuration node 'rule-files' redefined.
10/12/2018 -- 15:54:36 - <Notice> - This is Suricata version 4.0.0 RELEASE
10/12/2018 -- 15:54:36 - <Info> - CPUs/cores online: 1
10/12/2018 -- 15:54:36 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33340 and 'request-body-inspect-window' set to 15910 after randomization.
10/12/2018 -- 15:54:36 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33025 and 'response-body-inspect-window' set to 16925 after randomization.
10/12/2018 -- 15:54:36 - <Config> - DNS request flood protection level: 500
10/12/2018 -- 15:54:36 - <Config> - DNS per flow memcap (state-memcap): 524288
10/12/2018 -- 15:54:36 - <Config> - DNS global memcap: 16777216
10/12/2018 -- 15:54:36 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
10/12/2018 -- 15:54:36 - <Config> - preallocated 1000 hosts of size 136
10/12/2018 -- 15:54:36 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
10/12/2018 -- 15:54:36 - <Config> - using magic-file /usr/share/file/magic
10/12/2018 -- 15:54:36 - <Config> - Core dump size is unlimited.
10/12/2018 -- 15:54:36 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
10/12/2018 -- 15:54:36 - <Config> - preallocated 1000 defrag trackers of size 168
10/12/2018 -- 15:54:36 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
10/12/2018 -- 15:54:36 - <Config> - stream "prealloc-sessions": 2048 (per thread)
10/12/2018 -- 15:54:36 - <Config> - stream "memcap": 33554432
10/12/2018 -- 15:54:36 - <Config> - stream "midstream" session pickups: disabled
10/12/2018 -- 15:54:36 - <Config> - stream "async-oneside": disabled
10/12/2018 -- 15:54:36 - <Config> - stream "checksum-validation": disabled
10/12/2018 -- 15:54:36 - <Config> - stream."inline": disabled
10/12/2018 -- 15:54:36 - <Config> - stream "bypass": disabled
10/12/2018 -- 15:54:36 - <Config> - stream "max-synack-queued": 5
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly "memcap": 134217728
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly "depth": 0
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly "toserver-chunk-size": 2435
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly "toclient-chunk-size": 2587
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly.raw: enabled
10/12/2018 -- 15:54:36 - <Config> - stream.reassembly "segment-prealloc": 2048
10/12/2018 -- 15:54:36 - <Config> - Delayed detect disabled
10/12/2018 -- 15:54:36 - <Config> - pattern matchers: MPM: ac, SPM: bm
10/12/2018 -- 15:54:36 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
10/12/2018 -- 15:54:36 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
10/12/2018 -- 15:54:36 - <Config> - prefilter engines: MPM
10/12/2018 -- 15:54:36 - <Config> - IP reputation disabled
10/12/2018 -- 15:54:36 - <Perf> - Registered 148 keyword profiling counters.
10/12/2018 -- 15:54:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
10/12/2018 -- 15:54:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
10/12/2018 -- 15:54:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
10/12/2018 -- 15:54:41 - <Config> - No rules loaded from ET-icmp.rules.
10/12/2018 -- 15:54:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
10/12/2018 -- 15:54:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
10/12/2018 -- 15:54:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
10/12/2018 -- 15:54:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
10/12/2018 -- 15:54:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
10/12/2018 -- 15:54:47 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
10/12/2018 -- 15:54:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
10/12/2018 -- 15:54:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
10/12/2018 -- 15:54:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
10/12/2018 -- 15:54:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
10/12/2018 -- 15:54:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
10/12/2018 -- 15:54:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
10/12/2018 -- 15:54:49 - <Config> - No rules loaded from local.rules.
10/12/2018 -- 15:54:49 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
10/12/2018 -- 15:54:49 - <Info> - Threshold config parsed: 0 rule(s) found
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tcp-packet
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tcp-stream
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for udp-packet
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for other-ip
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_uri
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_request_line
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_client_body
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_response_line
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_header
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_header
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_header_names
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_header_names
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_accept
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_accept_enc
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_accept_lang
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_referer
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_connection
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_content_len
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_content_len
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_content_type
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_content_type
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_protocol
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_protocol
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_start
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_start
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_raw_header
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_raw_header
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_method
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_cookie
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_cookie
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_raw_uri
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_user_agent
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_host
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_raw_host
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_stat_msg
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_stat_code
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for dns_query
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tls_sni
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tls_cert_issuer
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tls_cert_subject
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for tls_cert_serial
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for dce_stub_data
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for dce_stub_data
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for ssh_protocol
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for ssh_protocol
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for ssh_software
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for ssh_software
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for file_data
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for file_data
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_request_line
10/12/2018 -- 15:54:50 - <Perf> - using shared mpm ctx' for http_response_line
10/12/2018 -- 15:54:50 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
10/12/2018 -- 15:54:50 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
10/12/2018 -- 15:54:50 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
10/12/2018 -- 15:54:50 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
10/12/2018 -- 15:54:50 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
10/12/2018 -- 15:54:50 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
10/12/2018 -- 15:54:50 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
10/12/2018 -- 15:54:50 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
10/12/2018 -- 15:54:55 - <Perf> - Unique rule groups: 104
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toserver TCP packet": 35
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toclient TCP packet": 17
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toserver TCP stream": 33
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toclient TCP stream": 19
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toserver UDP packet": 27
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "toclient UDP packet": 17
10/12/2018 -- 15:54:55 - <Perf> - Builtin MPM "other IP packet": 3
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_uri": 14
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_request_line": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_client_body": 6
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_response_line": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_header": 10
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_header": 6
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_header_names": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_accept": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_referer": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_content_len": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_content_type": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_content_type": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_protocol": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_start": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_method": 5
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_cookie": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_cookie": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver http_host": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver dns_query": 4
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver tls_sni": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toserver file_data": 1
10/12/2018 -- 15:54:55 - <Perf> - AppLayer MPM "toclient file_data": 7
10/12/2018 -- 15:54:57 - <Perf> - Registered 39590 rule profiling counters.
10/12/2018 -- 15:54:57 - <Info> - fast output device (regular) initialized: alert
10/12/2018 -- 15:54:57 - <Info> - eve-log output device (regular) initialized: eve.json
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'alert'
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'http'
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'dns'
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'tls'
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'files'
10/12/2018 -- 15:54:57 - <Config> - enabling 'eve-log' module 'ssh'
10/12/2018 -- 15:54:58 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
10/12/2018 -- 15:54:58 - <Info> - stats output device (regular) initialized: stats.log
10/12/2018 -- 15:54:58 - <Config> - AutoFP mode using "Hash" flow loa

This file has been truncated.


stats.log - (3149 bytes)
------------------------------------------------------------------------------------
Date: 12/10/2018 -- 15:55:00 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 6409
decoder.bytes                              | Total                     | 6266461
decoder.ipv4                               | Total                     | 6391
decoder.ethernet                           | Total                     | 6409
decoder.tcp                                | Total                     | 6227
decoder.udp                                | Total                     | 148
decoder.icmpv4                             | Total                     | 2
decoder.avg_pkt_size                       | Total                     | 977
decoder.max_pkt_size                       | Total                     | 11788
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 34
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 8
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 3
app_layer.tx.http                          | Total                     | 4
app_layer.flow.dns_udp                     | Total                     | 24
app_layer.tx.dns_udp                       | Total                     | 24
app_layer.flow.failed_udp                  | Total                     | 10
flow_mgr.new_pruned                        | Total                     | 12
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 18
flow_mgr.flows_notimeout                   | Total                     | 13
flow_mgr.flows_timeout                     | Total                     | 5
flow_mgr.flows_removed                     | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65518
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7082944


eve.json - (28550 bytes)
{"timestamp":"2018-11-25T20:04:23.088805+0000","flow_id":690826166885093,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.56.106","src_port":57027,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11338,"rrname":"109.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:23.310670+0000","flow_id":690826166885093,"pcap_cnt":102,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":57027,"proto":"UDP","dns":{"type":"answer","id":11338,"rcode":"NOERROR","rrname":"109.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:26.195950+0000","flow_id":1882982386957678,"pcap_cnt":105,"event_type":"dns","src_ip":"192.168.56.106","src_port":63631,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10748,"rrname":"107.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:26.417000+0000","flow_id":1882982386957678,"pcap_cnt":106,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":63631,"proto":"UDP","dns":{"type":"answer","id":10748,"rcode":"NOERROR","rrname":"107.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:27.312860+0000","flow_id":1081133467682332,"pcap_cnt":107,"event_type":"dns","src_ip":"192.168.56.106","src_port":65114,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49545,"rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:27.541180+0000","flow_id":1081133467682332,"pcap_cnt":108,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":65114,"proto":"UDP","dns":{"type":"answer","id":49545,"rcode":"NOERROR","rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:40.992535+0000","flow_id":1316291517883671,"pcap_cnt":109,"event_type":"dns","src_ip":"192.168.56.106","src_port":50918,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19604,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:41.036058+0000","flow_id":698421817740506,"pcap_cnt":110,"event_type":"dns","src_ip":"192.168.56.106","src_port":55164,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14813,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:41.221491+0000","flow_id":1316291517883671,"pcap_cnt":111,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":50918,"proto":"UDP","dns":{"type":"answer","id":19604,"rcode":"NOERROR","rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:41.255132+0000","flow_id":698421817740506,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":55164,"proto":"UDP","dns":{"type":"answer","id":14813,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:54.260607+0000","flow_id":2023496538847743,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.56.106","src_port":60720,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63798,"rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:54.261214+0000","flow_id":96550871563358,"pcap_cnt":114,"event_type":"dns","src_ip":"192.168.56.106","src_port":54068,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42614,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:04:54.491111+0000","flow_id":96550871563358,"pcap_cnt":115,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":54068,"proto":"UDP","dns":{"type":"answer","id":42614,"rcode":"NOERROR","rrname":"112.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:04:54.492640+0000","flow_id":2023496538847743,"pcap_cnt":116,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":60720,"proto":"UDP","dns":{"type":"answer","id":63798,"rcode":"NOERROR","rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:08.076128+0000","flow_id":846512291850592,"pcap_cnt":117,"event_type":"dns","src_ip":"192.168.56.106","src_port":53597,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30898,"rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:08.303034+0000","flow_id":846512291850592,"pcap_cnt":118,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":53597,"proto":"UDP","dns":{"type":"answer","id":30898,"rcode":"NOERROR","rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:28.476861+0000","flow_id":581695347115709,"pcap_cnt":119,"event_type":"alert","src_ip":"192.168.56.106","src_port":60304,"dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017645,"rev":3,"signature":"ET CURRENT_EVENTS DNS Query Domain .bit","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:28.476861+0000","flow_id":581695347115709,"pcap_cnt":119,"event_type":"dns","src_ip":"192.168.56.106","src_port":60304,"dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37174,"rrname":"projectkanor.bit","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-25T20:05:28.554472+0000","flow_id":581695347115709,"pcap_cnt":120,"event_type":"alert","src_ip":"151.80.147.153","dest_ip":"192.168.56.106","proto":"ICMP","icmp_type":3,"icmp_code":3,"alert":{"action":"allowed","gid":1,"signature_id":2522300,"rev":3321,"signature":"ET TOR Known Tor Relay\/Router (Not Exit) Node Traffic group 151","category":"Misc Attack","severity":2},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:28.559757+0000","flow_id":909203783322253,"pcap_cnt":121,"event_type":"alert","src_ip":"192.168.56.106","src_port":55938,"dest_ip":"91.217.137.44","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017645,"rev":3,"signature":"ET CURRENT_EVENTS DNS Query Domain .bit","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:28.559757+0000","flow_id":909203783322253,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.56.106","src_port":55938,"dest_ip":"91.217.137.44","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37418,"rrname":"projectkanor.bit","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.178.44.112"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.162.131.18"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.178.44.250"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.159.130.177"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"NS","ttl":600,"rdata":"b.dnspod.com"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"NS","ttl":600,"rdata":"c.dnspod.com"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"NS","ttl":600,"rdata":"d.dnspod.com"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"pcap_cnt":122,"event_type":"dns","src_ip":"91.217.137.44","src_port":53,"dest_ip":"192.168.56.106","dest_port":55938,"proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"NS","ttl":600,"rdata":"a.dnspod.com"}}
{"timestamp":"2018-11-25T20:05:29.165647+0000","flow_id":1045315591964431,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.56.106","src_port":61940,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40139,"rrname":"153.147.80.151.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:29.165932+0000","flow_id":2163035733592108,"pcap_cnt":124,"event_type":"dns","src_ip":"192.168.56.106","src_port":64895,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":31991,"rrname":"44.137.217.91.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:29.329750+0000","flow_id":2163035733592108,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":64895,"proto":"UDP","dns":{"type":"answer","id":31991,"rcode":"NOERROR","rrname":"44.137.217.91.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:29.385338+0000","flow_id":1045315591964431,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":61940,"proto":"UDP","dns":{"type":"answer","id":40139,"rcode":"NOERROR","rrname":"153.147.80.151.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:31.683965+0000","flow_id":237028516786109,"pcap_cnt":143,"event_type":"dns","src_ip":"192.168.56.106","src_port":53861,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39740,"rrname":"250.255.255.239.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:31.907132+0000","flow_id":237028516786109,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":53861,"proto":"UDP","dns":{"type":"answer","id":39740,"rcode":"NOERROR","rrname":"250.255.255.239.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:34.076377+0000","flow_id":958117018727931,"pcap_cnt":160,"event_type":"fileinfo","src_ip":"192.168.56.106","src_port":49198,"dest_ip":"185.178.44.112","dest_port":80,"proto":"TCP","http":{"hostname":"projectkanor.bit","url":"\/az\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2697},"app_proto":"http","fileinfo":{"filename":"\/az\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":107,"tx_id":0}}
{"timestamp":"2018-11-25T20:05:34.719648+0000","flow_id":2056449678048032,"pcap_cnt":594,"event_type":"dns","src_ip":"192.168.56.106","src_port":57606,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20107,"rrname":"112.44.178.185.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:34.880169+0000","flow_id":2056449678048032,"pcap_cnt":1174,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":57606,"proto":"UDP","dns":{"type":"answer","id":20107,"rcode":"NOERROR","rrname":"112.44.178.185.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:37.614877+0000","flow_id":2089570318508509,"pcap_cnt":4882,"event_type":"dns","src_ip":"192.168.56.106","src_port":61850,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18972,"rrname":"c.1.1.9.2.8.1.f.9.6.b.7.f.5.1.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2018-11-25T20:05:37.731977+0000","flow_id":958117018727931,"pcap_cnt":4994,"event_type":"http","src_ip":"192.168.56.106","src_port":49198,"dest_ip":"185.178.44.112","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"projectkanor.bit","url":"\/az\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html"}}
{"timestamp":"2018-11-25T20:05:37.820954+0000","flow_id":958117018727931,"pcap_cnt":4996,"event_type":"fileinfo","src_ip":"185.178.44.112","src_port":80,"dest_ip":"192.168.56.106","dest_port":49198,"proto":"TCP","http":{"hostname":"projectkanor.bit","url":"\/az\/index.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":4475068},"app_proto":"http","fileinfo":{"filename":"\/az\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":4474090,"tx_id":0}}
{"timestamp":"2018-11-25T20:05:37.841793+0000","flow_id":2089570318508509,"pcap_cnt":4997,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.106","dest_port":61850,"proto":"UDP","dns":{"type":"answer","id":18972,"rcode":"NOERROR","rrname":"c.1.1.9.2.8.1.f.9.6.b.7.f.5.1.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2018-11-25T20:05:41.821511+0000","flow_id":791760050948359,"pcap_cnt":5004,"event_type":"alert","src_ip":"192.168.56.106","src_port":62174,"dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017645,"rev":3,"signature":"ET CURRENT_EVENTS DNS Query Domain .bit","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:41.821511+0000","flow_id":791760050948359,"pcap_cnt":5004,"event_type":"dns","src_ip":"192.168.56.106","src_port":62174,"dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47608,"rrname":"projectkanor.bit","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-25T20:05:41.905067+0000","flow_id":42475088891755,"pcap_cnt":5006,"event_type":"alert","src_ip":"192.168.56.106","src_port":56874,"dest_ip":"91.217.137.44","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2017645,"rev":3,"signature":"ET CURRENT_EVENTS DNS Query Domain .bit","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:41.905067+0000","flow_id":42475088891755,"pcap_cnt":5006,"event_type":"dns","src_ip":"192.168.56.106","src_port":56874,"dest_ip":"91.217.137.44","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65075,"rrname":"projectkanor.bit","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-25T20:05:42.161089+0000","flow_id":42475088891755,"pcap_cnt":5007,"event_type":

This file has been truncated.
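The eve.json excerpt above records the chain a triage analyst wants to reconstruct: the sandboxed host (192.168.56.106) sends A queries for a .bit domain to two external resolvers instead of its local DNS server (.bit is the Namecoin TLD, which is not in the ICANN root, so a normal resolver cannot answer it and each query fires ET signature 2017645), the first resolver responds with ICMP port unreachable, the second hands back four A records and four NS records, and the host then POSTs to one of those addresses and receives a 4.4 MB response. The script below, an added example that is not part of this page or of the IDSDeathBlossom tool, performs that correlation over EVE JSON: it groups .bit lookups by domain, records which resolvers were queried, which answered and which returned ICMP errors, collects alerts raised on the same flows, and attaches HTTP transactions whose Host header or peer address matches the resolved records. The sample records are constructed from the events shown above, trimmed to the fields the script reads; the last line is deliberately cut off, as on this page, to show that a truncated record is skipped rather than aborting the parse.

```python
"""Correlate .bit DNS lookups with the HTTP traffic that follows them, from
Suricata EVE JSON. Added example; not part of this page or of IDSDeathBlossom."""
import json
from collections import defaultdict

# Constructed sample: nine events from the eve.json excerpt above, trimmed to the
# fields this script reads, plus a deliberately cut-off last record.
SAMPLE_EVE = r'''
{"timestamp":"2018-11-25T20:05:28.476861+0000","flow_id":581695347115709,"event_type":"alert","src_ip":"192.168.56.106","dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","alert":{"signature_id":2017645,"signature":"ET CURRENT_EVENTS DNS Query Domain .bit"},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:28.476861+0000","flow_id":581695347115709,"event_type":"dns","src_ip":"192.168.56.106","dest_ip":"151.80.147.153","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37174,"rrname":"projectkanor.bit","rrtype":"A"}}
{"timestamp":"2018-11-25T20:05:28.554472+0000","flow_id":581695347115709,"event_type":"alert","src_ip":"151.80.147.153","dest_ip":"192.168.56.106","proto":"ICMP","icmp_type":3,"icmp_code":3,"alert":{"signature_id":2522300,"signature":"ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151"},"app_proto":"dns"}
{"timestamp":"2018-11-25T20:05:28.559757+0000","flow_id":909203783322253,"event_type":"dns","src_ip":"192.168.56.106","dest_ip":"91.217.137.44","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37418,"rrname":"projectkanor.bit","rrtype":"A"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"event_type":"dns","src_ip":"91.217.137.44","dest_ip":"192.168.56.106","proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.178.44.112"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"event_type":"dns","src_ip":"91.217.137.44","dest_ip":"192.168.56.106","proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"A","ttl":600,"rdata":"185.162.131.18"}}
{"timestamp":"2018-11-25T20:05:28.898147+0000","flow_id":909203783322253,"event_type":"dns","src_ip":"91.217.137.44","dest_ip":"192.168.56.106","proto":"UDP","dns":{"type":"answer","id":37418,"rcode":"NOERROR","rrname":"projectkanor.bit","rrtype":"NS","ttl":600,"rdata":"b.dnspod.com"}}
{"timestamp":"2018-11-25T20:05:34.076377+0000","flow_id":958117018727931,"event_type":"fileinfo","src_ip":"192.168.56.106","dest_ip":"185.178.44.112","dest_port":80,"proto":"TCP","http":{"hostname":"projectkanor.bit","url":"/az/index.php","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_method":"POST","status":200,"length":2697}}
{"timestamp":"2018-11-25T20:05:37.820954+0000","flow_id":958117018727931,"event_type":"fileinfo","src_ip":"185.178.44.112","dest_ip":"192.168.56.106","dest_port":49198,"proto":"TCP","http":{"hostname":"projectkanor.bit","url":"/az/index.php","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)","http_method":"POST","status":200,"length":4475068}}
{"timestamp":"2018-11-25T20:05:42.161089+0000","flow_id":42475088891755,"event_type":
'''

SUSPECT_TLDS = (".bit",)  # Namecoin TLD: outside the ICANN root, so a normal resolver cannot answer it

def parse_eve(text):
    """Decode one EVE record per line, skipping blank lines and truncated records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # partial record (rotated or truncated file): skip, do not abort
    return records

def correlate(records, tlds=SUSPECT_TLDS):
    """Group DNS activity for the suspect TLDs by domain, then attach alerts on the
    same flows and HTTP transactions to any address the domain resolved to."""
    new = lambda: {"resolvers_queried": set(), "resolvers_answered": set(),
                   "unreachable": set(), "a_records": set(), "ns_records": set(),
                   "alerts": set(), "http": []}
    by_domain = defaultdict(new)
    flow_domain = {}  # flow_id -> domain, ties alerts and ICMP errors back to the lookup
    for r in records:
        if r.get("event_type") != "dns":
            continue
        d = r["dns"]
        name = d.get("rrname", "").lower()
        if not name.endswith(tlds):
            continue
        entry = by_domain[name]
        flow_domain[r["flow_id"]] = name
        if d.get("type") == "query":
            entry["resolvers_queried"].add(r["dest_ip"])
        elif d.get("type") == "answer":
            entry["resolvers_answered"].add(r["src_ip"])
            if d.get("rrtype") == "A":
                entry["a_records"].add(d["rdata"])
            elif d.get("rrtype") == "NS":
                entry["ns_records"].add(d["rdata"].lower())
    for r in records:
        et = r.get("event_type")
        if et == "alert" and r.get("flow_id") in flow_domain:
            entry = by_domain[flow_domain[r["flow_id"]]]
            entry["alerts"].add(r["alert"]["signature_id"])
            if r.get("proto") == "ICMP" and r.get("icmp_type") == 3:
                entry["unreachable"].add(r["src_ip"])  # ICMP type 3 = destination unreachable
        elif et in ("http", "fileinfo") and "http" in r:
            h = r["http"]
            host = h.get("hostname", "").lower()
            peers = {r["src_ip"], r["dest_ip"]}
            for name, entry in by_domain.items():
                if host != name and not peers & entry["a_records"]:
                    continue
                server = r["dest_ip"] if r["dest_ip"] in entry["a_records"] else r["src_ip"]
                entry["http"].append({"timestamp": r["timestamp"], "method": h.get("http_method"),
                                      "url": h.get("url"), "status": h.get("status"),
                                      "length": h.get("length"), "server": server})
    return dict(by_domain)

def report(summary):
    """Render one block per domain, in the order an analyst reads the chain."""
    lines = []
    for name, e in sorted(summary.items()):
        lines.append(f"{name}: queried {sorted(e['resolvers_queried'])}, answered by "
                     f"{sorted(e['resolvers_answered'])}, unreachable {sorted(e['unreachable'])}, "
                     f"alerts {sorted(e['alerts'])}")
        lines.append(f"  A {sorted(e['a_records'])}  NS {sorted(e['ns_records'])}")
        for t in e["http"]:
            lines.append(f"  {t['timestamp']} {t['method']} http://{name}{t['url']} "
                         f"-> {t['server']} status={t['status']} bytes={t['length']}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(correlate(parse_eve(SAMPLE_EVE))))
```

The same two passes work on a live eve.json read line by line. Keying on the TLD rather than on the signature is deliberate: no resolver in the normal DNS hierarchy can answer a .bit query, so a resolver that does answer is itself an indicator, and the addresses it returns are the next place to look for HTTP, as the 4.4 MB POST response to 185.178.44.112 shows here.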


unified2.alert.1544457298 - (49418 bytes) - download
[Binary unified2 record stream; the page renders it as raw text and only a few
plaintext fragments of the captured packet payloads survive. Recoverable strings,
in order of appearance:]

  DNS query payloads for projectkanor.bit (several records)

  GET /zz/r2.exe HTTP/1.1
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
  Host: kikidoyoulabme222.ru
  Cache-Control: no-cache

  .NET resource strings in a later payload of the same stream:
  System.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral,
  PublicKeyToken=b77a5c561934e089; System.Resources.RuntimeResourceSet;
  System.Drawing.Icon, System.Drawing, Version=4.0.0.0, Culture=neutral,
  PublicKeyToken=b03f5f7f11d50a3a; this.Icon; IconData; IconSize;
  System.Drawing.Size; width; height

This file has been truncated.


keyword_perf.log - (16957 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/10/2018 -- 15:55:00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9714140         2901            2901            81485           3348.00         3348.00         0.00           
  threshold        15500           2               1               8836            7750.00         8836.00         6664.00        
  content          54392226        2447            1192            507845          22228.00        22334.00        22127.00       
  pcre             2838738         495             49              40949           5734.00         7052.00         5590.00        
  byte_test        2127770         667             247             39221           3190.00         3462.00         3029.00        
  byte_jump        307370          108             48              4299            2846.00         3060.00         2674.00        
  isdataat         14273           5               2               3253            2854.00         2657.00         2986.00        
  flowbits         1044861         298             58              34309           3506.00         3313.00         3552.00        
  urilen           510002          132             30              24637           3863.00         3379.00         4006.00        
  byte_extract     128610          34              34              5435            3782.00         3782.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9714140         2901            2901            81485           3348.00         3348.00         0.00           
  flowbits         1006198         291             51              34309           3457.00         3010.00         3552.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18209087        1082            433             472002          16829.00        26492.00        10381.00       
  pcre             751413          90              5               33318           8349.00         8372.00         8347.00        
  byte_test        2127770         667             247             39221           3190.00         3462.00         3029.00        
  byte_jump        274806          98              38              3916            2804.00         3008.00         2674.00        
  isdataat         14273           5               2               3253            2854.00         2657.00         2986.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         38663           7               7               8642            5523.00         5523.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        15500           2               1               8836            7750.00         8836.00         6664.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          737044          166             114             39819           4440.00         4689.00         3892.00        
  pcre             538597          76              22              40869           7086.00         6817.00         7196.00        
  urilen           510002          132             30              24637           3863.00         3379.00         4006.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15862           4               4               5085            3965.00         3965.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          353161          17              0               192965          20774.00        0.00            20774.00       
  pcre             35313           6               0               7672            5885.00         0.00            5885.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12318           4               0               3113            3079.00         0.00            3079.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          32687534        619             219             507845          52807.00        58077.00        49921.00       
  pcre             1149795         266             0               40949           4322.00         0.00            4322.00        
  byte_jump        32564           10              10              4299            3256.00         3256.00         0.00           
  byte_extract     128610          34              34              5435            3782.00         3782.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1509505         349             280             53812           4325.00         4415.00         3958.00        
  pcre             285131          43              14              20983           6630.00         7970.00         5984.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          150907          30              22              42100           5030.00         5621.00         3404.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13980           4               4               3667            3495.00         3495.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8903            2               0               4564            4451.00         0.00            4451.00        
  pcre             13693           2               0               7425            6846.00         0.00            6846.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          209161          50              40              29537           4183.00         4318.00         3641.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          356423          92              56              5190            3874.00         4189.00         3384.00        
  pcre             42109           8               8               6155            5263.00         5263.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          77573           14              12              29098           5540.00         5791.00         4036.00        
  pcre             22687           4               0               8255            5671.00         0.00            5671.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6754            2               0               3621            3377.00         0.00            3377.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          27632           8               4               4437            3454.00         3668.00         3239.00        
  ---------------------------------------------------------------------------------------------------------

This file has been truncated.
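keyword_perf.log breaks the detection engine's cost down per keyword and per inspection buffer (the "Stats for:" sections), and the figures above already tell a story: of the 54.4 M ticks spent on content matching in total, 32.7 M were spent in file_data, and several buffers list keywords that were checked but never matched on this traffic. The script below, an added example that is not part of this page or of the IDSDeathBlossom tool, parses that format and reports where the ticks concentrate and which keywords are pure overhead. Its input is a constructed excerpt of the log above, keeping four sections and a few rows of each with the column layout unchanged.

```python
"""Parse Suricata's keyword_perf.log and show where detection cost concentrates.
Added example; not part of this page or of the IDSDeathBlossom tool."""
import re

# Constructed excerpt of the keyword_perf.log above: four "Stats for:" sections
# with a few of their rows each. Column layout is exactly as Suricata writes it.
SAMPLE_PERF = """\
  --------------------------------------------------------------------------------
  Date: 12/10/2018 -- 15:55:00
  --------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             9714140         2901            2901            81485           3348.00         3348.00         0.00           
  content          54392226        2447            1192            507845          22228.00        22334.00        22127.00       
  pcre             2838738         495             49              40949           5734.00         7052.00         5590.00        
  --------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------
  content          18209087        1082            433             472002          16829.00        26492.00        10381.00       
  --------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------
  content          353161          17              0               192965          20774.00        0.00            20774.00       
  pcre             35313           6               0               7672            5885.00         0.00            5885.00        
  --------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------
  content          32687534        619             219             507845          52807.00        58077.00        49921.00       
  pcre             1149795         266             0               40949           4322.00         0.00            4322.00        
"""

# One data row: keyword, four integer columns, three float columns.
ROW_RE = re.compile(
    r"^\s*(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")
FIELDS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_nomatch")

def parse_keyword_perf(text):
    """Return {buffer_name: {keyword: {field: value}}}, one dict per 'Stats for:' section."""
    stats, section = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Stats for:"):
            section = stripped.split(":", 1)[1].strip()
            stats[section] = {}
            continue
        m = ROW_RE.match(line)
        if m and section is not None:
            keyword, *values = m.groups()
            row = dict(zip(FIELDS, (int(v) for v in values[:4])))
            row.update(zip(FIELDS[4:], (float(v) for v in values[4:])))
            stats[section][keyword] = row
    return stats

def hotspots(stats, top=3):
    """Rank (buffer, keyword) by ticks, excluding the aggregate 'total' section,
    and give each entry's share of that keyword's total ticks in percent."""
    totals = stats.get("total", {})
    rows = [(buf, kw, r["ticks"]) for buf, kws in stats.items() if buf != "total"
            for kw, r in kws.items()]
    rows.sort(key=lambda x: x[2], reverse=True)
    out = []
    for buf, kw, ticks in rows[:top]:
        share = round(100.0 * ticks / totals[kw]["ticks"], 1) if kw in totals else None
        out.append((buf, kw, ticks, share))
    return out

def dead_weight(stats):
    """Keywords that were checked in a buffer but never matched: pure cost for
    this traffic, and the first place to look when a ruleset is slow."""
    rows = [(buf, kw, r["ticks"], r["checks"]) for buf, kws in stats.items()
            if buf != "total" for kw, r in kws.items()
            if r["checks"] > 0 and r["matches"] == 0]
    return sorted(rows, key=lambda x: x[2], reverse=True)

if __name__ == "__main__":
    s = parse_keyword_perf(SAMPLE_PERF)
    for buf, kw, ticks, share in hotspots(s):
        print(f"{ticks:>10} ticks  {buf:<22} {kw:<10} {share}% of all '{kw}' ticks")
    for buf, kw, ticks, checks in dead_weight(s):
        print(f"never matched: {buf}/{kw}  {checks} checks, {ticks} ticks")
```

On the excerpt, file_data content accounts for 60.1% of all content ticks and packet/stream payload content for another 33.5%, while file_data pcre and both http_client_body keywords were checked without a single match. Those are the rules to profile first with Suricata's per-rule profiling before touching anything else in the ruleset.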


IDSDeathBlossom.py.log - (1146 bytes) - download
2018-12-10 15:54:35,989 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-10 15:54:36,750 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-10 15:54:36,750 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-12-10 15:54:36,751 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-10 15:54:36,751 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-10 15:54:36,751 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/9f8aaac364cca3d21ee8451e99231bfd56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12102018.1554-pcap_1.pcap -vvv -k none
2018-12-10 15:55:00,282 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-10 15:55:00,283 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.3019649982