Filename: 4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.6448328495 seconds (wall clock for the whole job; Suricata's own run is reported as elapsedtime 25.643082 below)
Hash: a0abb0edbe02382cc32ec0b2a8ac2a13 (truncated form of the 64-hex-digit hash a0abb0edbe02382cc32ec0b2a8ac2a1356b33745cb75ec8c950e11a498e082d2 that names the output directory in lastcmd below)
Uploaded: 1558447298 (Unix epoch; 2019-05-21 14:01:38 UTC, one second before the first Suricata log line)

Logfiles


suricata-report-2019-05-21-T-14-02-05-05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap.txt - (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a0abb0edbe02382cc32ec0b2a8ac2a1356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap -vvv -k none
elapsedtime:25.643082
stderr:
stdout:
21/5/2019 -- 14:01:39 - <Info> - Configuration node 'rule-files' redefined.
21/5/2019 -- 14:01:39 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/5/2019 -- 14:01:39 - <Info> - CPUs/cores online: 1
21/5/2019 -- 14:01:39 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31972 and 'request-body-inspect-window' set to 17178 after randomization.
21/5/2019 -- 14:01:39 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33849 and 'response-body-inspect-window' set to 16392 after randomization.
21/5/2019 -- 14:01:39 - <Config> - DNS request flood protection level: 500
21/5/2019 -- 14:01:39 - <Config> - DNS per flow memcap (state-memcap): 524288
21/5/2019 -- 14:01:39 - <Config> - DNS global memcap: 16777216
21/5/2019 -- 14:01:39 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/5/2019 -- 14:01:39 - <Config> - preallocated 1000 hosts of size 136
21/5/2019 -- 14:01:39 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/5/2019 -- 14:01:39 - <Config> - using magic-file /usr/share/file/magic
21/5/2019 -- 14:01:39 - <Config> - Core dump size is unlimited.
21/5/2019 -- 14:01:39 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/5/2019 -- 14:01:39 - <Config> - preallocated 1000 defrag trackers of size 168
21/5/2019 -- 14:01:39 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/5/2019 -- 14:01:39 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/5/2019 -- 14:01:39 - <Config> - stream "memcap": 33554432
21/5/2019 -- 14:01:39 - <Config> - stream "midstream" session pickups: disabled
21/5/2019 -- 14:01:39 - <Config> - stream "async-oneside": disabled
21/5/2019 -- 14:01:39 - <Config> - stream "checksum-validation": disabled
21/5/2019 -- 14:01:39 - <Config> - stream."inline": disabled
21/5/2019 -- 14:01:39 - <Config> - stream "bypass": disabled
21/5/2019 -- 14:01:39 - <Config> - stream "max-synack-queued": 5
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly "memcap": 134217728
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly "depth": 0
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly "toserver-chunk-size": 2671
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly "toclient-chunk-size": 2669
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly.raw: enabled
21/5/2019 -- 14:01:39 - <Config> - stream.reassembly "segment-prealloc": 2048
21/5/2019 -- 14:01:39 - <Config> - Delayed detect disabled
21/5/2019 -- 14:01:39 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/5/2019 -- 14:01:39 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/5/2019 -- 14:01:39 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/5/2019 -- 14:01:39 - <Config> - prefilter engines: MPM
21/5/2019 -- 14:01:39 - <Config> - IP reputation disabled
21/5/2019 -- 14:01:39 - <Perf> - Registered 148 keyword profiling counters.
21/5/2019 -- 14:01:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
21/5/2019 -- 14:01:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
21/5/2019 -- 14:01:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
21/5/2019 -- 14:01:45 - <Config> - No rules loaded from ET-icmp.rules.
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
21/5/2019 -- 14:01:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
21/5/2019 -- 14:01:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
21/5/2019 -- 14:01:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
21/5/2019 -- 14:01:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
21/5/2019 -- 14:01:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
21/5/2019 -- 14:01:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
21/5/2019 -- 14:01:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
21/5/2019 -- 14:01:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
21/5/2019 -- 14:01:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
21/5/2019 -- 14:01:52 - <Config> - No rules loaded from local.rules.
21/5/2019 -- 14:01:52 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
21/5/2019 -- 14:01:53 - <Info> - Threshold config parsed: 0 rule(s) found
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tcp-packet
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tcp-stream
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for udp-packet
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for other-ip
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_uri
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_client_body
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_header
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_header_names
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_accept
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_accept_enc
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_accept_lang
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_referer
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_connection
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_content_len
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_content_type
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_protocol
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_start
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_raw_header
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_method
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_cookie
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_raw_uri
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_user_agent
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_host
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_raw_host
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_stat_msg
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_stat_code
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for dns_query
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tls_sni
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for dce_stub_data
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for ssh_protocol
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for ssh_software
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for file_data
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_request_line
21/5/2019 -- 14:01:53 - <Perf> - using shared mpm ctx' for http_response_line
21/5/2019 -- 14:01:53 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
21/5/2019 -- 14:01:53 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/5/2019 -- 14:01:53 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
21/5/2019 -- 14:01:54 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
21/5/2019 -- 14:01:54 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
21/5/2019 -- 14:01:54 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
21/5/2019 -- 14:01:54 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
21/5/2019 -- 14:01:54 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/5/2019 -- 14:02:01 - <Perf> - Unique rule groups: 104
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toserver TCP packet": 35
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toclient TCP packet": 17
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toserver TCP stream": 33
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toclient TCP stream": 19
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toserver UDP packet": 27
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "toclient UDP packet": 17
21/5/2019 -- 14:02:01 - <Perf> - Builtin MPM "other IP packet": 3
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_uri": 14
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_header": 10
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_header": 6
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_header_names": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_protocol": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_start": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_method": 5
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver http_host": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver tls_sni": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toserver file_data": 1
21/5/2019 -- 14:02:01 - <Perf> - AppLayer MPM "toclient file_data": 7
21/5/2019 -- 14:02:04 - <Perf> - Registered 39590 rule profiling counters.
21/5/2019 -- 14:02:04 - <Info> - fast output device (regular) initialized: alert
21/5/2019 -- 14:02:04 - <Info> - eve-log output device (regular) initialized: eve.json
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'alert'
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'http'
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'dns'
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'tls'
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'files'
21/5/2019 -- 14:02:04 - <Config> - enabling 'eve-log' module 'ssh'
21/5/2019 -- 14:02:04 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/5/2019 -- 14:02:04 - <Info> - stats output device (regular) initialized: stats.log
21/5/2019 -- 14:02:04 - <Config> - AutoFP mode using "Hash" flow load balancer
21/5/2019 -- 14:02:04 - <Info> - reading pcap file /var/pcap/05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap
21/5/2019 -- 14:02:04 - <Config> - us

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-05-21-T-14-02-05-05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap.txt - (675 bytes)
04/29/2019-07:05:36.362784  [**] [1:2821116:2] ETPRO POLICY External IP DNS Lookup wtfismyip [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.100.239:62558 -> 192.168.100.2:53
04/29/2019-07:05:36.713153  [**] [1:2821200:4] ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.239:49443 -> 198.27.74.146:443
04/29/2019-07:05:36.836720  [**] [1:2812782:3] ETPRO POLICY IP Check wtfismyip.com SSL [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 198.27.74.146:443 -> 192.168.100.239:49443
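The three alerts above are one behaviour seen from two angles: a DNS lookup of an external-IP service (UDP/53), then the TLS session that lookup enabled, with the last rule firing on the server's certificate in the reverse direction. What follows is an added example, not code from this report or from Suricata, that parses fast.log lines into fields and groups a UDP/53 alert with the TCP/443 alerts the same client raised within a short window afterwards. The three sample lines are the alerts above copied verbatim and embedded so the code runs offline; the ten-second window and the client-side heuristic are this example's own choices, not anything the ETPRO rules define.

```python
"""Parse Suricata fast.log alerts and group an external-IP DNS lookup with the
TLS session that follows it. Added example; not code from the analyzer or Suricata."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: the three fast.log lines shown above, copied verbatim.
SAMPLE_FAST_LOG = """\
04/29/2019-07:05:36.362784  [**] [1:2821116:2] ETPRO POLICY External IP DNS Lookup wtfismyip [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 192.168.100.239:62558 -> 192.168.100.2:53
04/29/2019-07:05:36.713153  [**] [1:2821200:4] ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.239:49443 -> 198.27.74.146:443
04/29/2019-07:05:36.836720  [**] [1:2812782:3] ETPRO POLICY IP Check wtfismyip.com SSL [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 198.27.74.146:443 -> 192.168.100.239:49443
"""

# One fast.log line. The [Classification: ...] block is optional because rules
# without a classtype omit it; the address part uses a greedy \S+ so that an
# IPv6 address (printed without brackets in fast.log) still splits at the last colon.
FAST_LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)


@dataclass
class Alert:
    ts: datetime
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_line(line: str) -> Optional[Alert]:
    m = FAST_LINE.match(line)
    if m is None:
        return None
    return Alert(
        ts=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]), msg=m["msg"],
        classification=m["cls"], priority=int(m["prio"]), proto=m["proto"],
        src=m["src"], sport=int(m["sport"]), dst=m["dst"], dport=int(m["dport"]),
    )


def parse_fast_log(text: str) -> List[Alert]:
    parsed = (parse_line(line) for line in text.splitlines() if line.strip())
    return [a for a in parsed if a is not None]


def client_of(a: Alert, server_port: int) -> Optional[str]:
    """Client-side address of a flow to server_port, whichever direction the alert fired on."""
    if a.dport == server_port:
        return a.src
    if a.sport == server_port:
        return a.dst
    return None


def external_ip_lookup_sequences(alerts: List[Alert], window: timedelta = timedelta(seconds=10)):
    """Pair each UDP/53 alert with TCP/443 alerts from the same client inside `window`.

    Heuristic of this example: a DNS alert on its own can be noise (a resolver
    prefetch, a browser guess), but a lookup that is followed by a TLS session
    to the looked-up service is the behaviour the POLICY rules above describe.
    """
    alerts = sorted(alerts, key=lambda a: a.ts)
    sequences = []
    for i, dns in enumerate(alerts):
        if not (dns.proto == "UDP" and dns.dport == 53):
            continue
        tls = [a for a in alerts[i + 1:]
               if a.proto == "TCP" and client_of(a, 443) == dns.src
               and a.ts - dns.ts <= window]
        if tls:
            sequences.append({
                "client": dns.src,
                "dns_sid": dns.sid,
                "tls_sids": [a.sid for a in tls],
                "servers": sorted({a.dst if a.dport == 443 else a.src for a in tls}),
                "span_s": (tls[-1].ts - dns.ts).total_seconds(),
            })
    return sequences


if __name__ == "__main__":
    for seq in external_ip_lookup_sequences(parse_fast_log(SAMPLE_FAST_LOG)):
        print(seq)
```

Run against the three lines above this yields one sequence: client 192.168.100.239, DNS sid 2821116, TLS sids 2821200 and 2812782 against 198.27.74.146, 0.47 s end to end. The direction check matters: the third alert has the server as source, so matching on `src` alone would have dropped it.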


packet_stats.log - (12128 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            41          2627247       62053563      53507058          2.2b   57.83
 IPv4      17            52          5718008       64275550      26281061          1.4b   36.02
 IPv6      17            10          6564117       62551368      23312335        233.1m    6.15
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            41            69362        2371428        383151         15.7m   32.65
TMM_FLOWWORKER              IPv4      17            52           121272        3311868        398434         20.7m   43.06
TMM_RECEIVEPCAPFILE         IPv4       6            39             2533           3812          2894        112.9k    0.23
TMM_RECEIVEPCAPFILE         IPv4      17            52             2538          12418          3080        160.2k    0.33
TMM_DECODEPCAPFILE          IPv4       6            39             2730          18367          3553        138.6k    0.29
TMM_DECODEPCAPFILE          IPv4      17            52             2676          36173          3554        184.8k    0.38
TMM_FLOWWORKER              IPv6      17            10           110618        9433521       1101307         11.0m   22.89
TMM_RECEIVEPCAPFILE         IPv6      17            10             2540           3629          2973         29.7k    0.06
TMM_DECODEPCAPFILE          IPv6      17            10             2711          17557          4448         44.5k    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            39             2851          20841          3870        151.0k  0.35  
flow                    IPv4      17            52             2835         409165         12824        666.9k  1.57  
stream                  IPv4       6            41             3628         798407         56190          2.3m  5.41  
app-layer               IPv4      17            52             2523          61444          6340        329.7k  0.77  
detect                  IPv4       6            41            46054        2188276        282157         11.6m  27.15 
detect                  IPv4      17            52           104151        1392912        310725         16.2m  37.93 
tcp-prune               IPv4       6            41             2553         396153         13074        536.1k  1.26  
flow                    IPv6      17            10             2898          12214          6336         63.4k  0.15  
app-layer               IPv6      17            10             2537          13630          5738         57.4k  0.13  
detect                  IPv6      17            10            94225        9391594       1076864         10.8m  25.28 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
tls                     IPv4       6             4             3358           6732          4309         17.2k  26.29 
dns                     IPv4      17             4             5756          25821         12081         48.3k  73.71 
Proto detect            IPv4      17             9             2752          40435         14431        129.9k
Proto detect            IPv6      17             4             3279           7554          4536         18.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             2            32688          55235         43961         87.9k  3.45  
LOGGER_ALERT_FAST           IPv4      17             1           252341         252341        252341        252.3k  9.89  
LOGGER_UNIFIED2             IPv4       6             2            42310          46924         44617         89.2k  3.50  
LOGGER_UNIFIED2             IPv4      17             1           151267         151267        151267        151.3k  5.93  
LOGGER_JSON_ALERT           IPv4       6             2            66439          76170         71304        142.6k  5.59  
LOGGER_JSON_ALERT           IPv4      17             1          1348636        1348636       1348636          1.3m  52.86 
LOGGER_JSON_DNS             IPv4      17             4            60590          99425         79045        316.2k  12.39 
LOGGER_JSON_TLS             IPv4       6             2            30375         132603         81489        163.0k  6.39  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            20             2706         609792         63646         1.3m  27.70 
payload                           IPv4      17            52             3229         420422         23025         1.2m  26.06 
stream                            IPv4       6            20             2542         447057         73393         1.5m  31.94 
dns_query                         IPv4      17             2            11289         415377        213333       426.7k  9.29  
tls_sni                           IPv4       6             3             4061          13101          8357        25.1k  0.55  
tls_cert_issuer                   IPv4       6             2            10082          16789         13435        26.9k  0.58  
tls_cert_subject                  IPv4       6             2             6265           7882          7073        14.1k  0.31  
tls_cert_serial                   IPv4       6             2             6119           8167          7143        14.3k  0.31  
Total                             IPv4                   103                                         43156         4.4m
payload                           IPv6      17            10             3702          44314         14991       149.9k  3.26  
Total                             IPv6                    10                                         14991       149.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            57495         503123        188360        753.4k  1.79  
PROF_DETECT_IPONLY          IPv4      17             9            37952         272180         84603        761.4k  1.81  
PROF_DETECT_RULES           IPv4       6            41             2551        1597711         94897          3.9m  9.26  
PROF_DETECT_RULES           IPv4      17            52            45210        1176505        170542          8.9m  21.11 
PROF_DETECT_STATEFUL_START    IPv4       6             2            21033         131715         76374        152.7k  0.36  
PROF_DETECT_STATEFUL_CONT    IPv4       6            41             2533         159401         20210        828.6k  1.97  
PROF_DETECT_STATEFUL_CONT    IPv4      17            52             2722          69715          4677        243.2k  0.58  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            33             2545          21823          3313        109.4k  0.26  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2631         394866        100974        403.9k  0.96  
PROF_DETECT_PREFILTER       IPv4       6            41             8434         651441         94546          3.9m  9.23  
PROF_DETECT_PREFILTER       IPv4      17            52            24529         489248         65135          3.4m  8.06  
PROF_DETECT_PF_PAYLOAD      IPv4       6            20            23469         620931        144993          2.9m  6.90  
PROF_DETECT_PF_PAYLOAD      IPv4      17            52             8477         425932         28493          1.5m  3.53  
PROF_DETECT_PF_TX           IPv4       6            33             2664          55857          6909        228.0k  0.54  
PROF_DETECT_PF_TX           IPv4      17             2            16999         422551        219775        439.5k  1.05  
PROF_DETECT_PF_SORT1        IPv4       6            19             2589           5795          3291         62.5k  0.15  
PROF_DETECT_PF_SORT1        IPv4      17            52             2603         392587         11198        582.3k  1.39  
PROF_DETECT_PF_SORT2        IPv4       6            41             2530          26097          4495        184.3k  0.44  
PROF_DETECT_PF_SORT2        IPv4      17            52             2551          24246          3885        202.0k  0.48  
PROF_DETECT_NONMPMLIST      IPv4       6            41             2605          16755          3306        135.5k  0.32  
PROF_DETECT_NONMPMLIST      IPv4      17            52             2530         399585         12108        629.6k  1.50  
PROF_DETECT_ALERT           IPv4       6            41             2523          33620          3598        147.5k  0.35  
PROF_DETECT_ALERT           IPv4      17            52             2525          17524          3214        167.1k  0.40  
PROF_DETECT_CLEANUP         IPv4       6            41             2598          20644          3496        143.3k  0.34  
PROF_DETECT_CLEANUP         IPv4      17            52             2523           7143          2953        153.6k  0.37  
PROF_DETECT_GETSGH          IPv4       6            41             2539          44879          5060        207.5k  0.49  
PROF_DETECT_GETSGH          IPv4      17            52             2522          89091          5315        276.4k  0.66  
PROF_DETECT_IPONLY          IPv6      17             4             3612          23595         10489         42.0k  0.10  
PROF_DETECT_RULES           IPv6      17            10            33872         122337         67290        672.9k  1.60  
PROF_DETECT_STATEFUL_CONT    IPv6      17            10             2535           2810          2757         27.6k  0.07  
PROF_DETECT_PREFILTER       IPv6      17            10            25062        9253291        963357          9.6m  22.93 
PROF_DETECT_PF_PAYLOAD      IPv6      17            10             9020          49799         20316        203.2k  0.48  
PROF_DETECT_PF_SORT1        IPv6      17            10             2745           4354          3424         34.2k  0.08  
PROF_DETECT_PF_SORT2        IPv6      17            10             2553           5041          3151         31.5k  0.07  
PROF_DETECT_NONMPMLIST      IPv6      17            10             2525           3500          2991         29.9k  0.07  
PROF_DETECT_ALERT           IPv6      17            10             2531           5846          3012         30.1k  0.07  
PROF_DETECT_CLEANUP         IPv6      17            10             2530           9480          3381         33.8k  0.08  
PROF_DETECT_GETSGH          IPv6      17            10             2713          25765          6277         62.8k  0.15  


unified2.alert.1558447324 - (3533 bytes)
[binary unified2 records rendered through a text viewer; only what can be read back from the dump is kept]
Record 1: UNIFIED2_IDS_EVENT_IPV4 (type 7, 52 bytes): event_second 0x5cc6a240 = 1556521536 (2019-04-29 07:05:36 UTC), event_microsecond 362784, sid 2821116 gid 1 rev 2, 192.168.100.239:62558 -> 192.168.100.2:53, protocol 17 (UDP). This is the first fast.log alert above.
Record 2: UNIFIED2_PACKET (type 2, 28-byte header + 73-byte frame, linktype 1 = Ethernet): the DNS query for wtfismyip.com; IPv4 TTL 128; both MAC addresses start with the 52:54:00 OUI that QEMU/KVM assigns by default, which suggests the client was a virtual machine.
Following records: packet records for the TLS session 192.168.100.239:49443 <-> 198.27.74.146:443 with SNI wtfismyip.com. The ServerHello random ends in the ASCII sentinel "DOWNGRD", the RFC 8446 downgrade-protection marker a TLS 1.3-capable server writes into the last eight bytes of its random when it negotiates TLS 1.2 or lower, so the client did not offer TLS 1.3. The server certificate chain in the handshake is:
  leaf: CN=wtfismyip.com, EC (P-256) public key, issuer C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3, notBefore 190427201707Z, notAfter 190726201707Z, SAN *.gnu.gl, *.ruoho.org, *.tshtf.com, *.wtfismyip.com, gnu.gl, ruoho.org, tshtf.com, wtfismyip.com; OCSP http://ocsp.int-x3.letsencrypt.org, caIssuers http://cert.int-x3.letsencrypt.org/, CPS http://cps.letsencrypt.org, with embedded SCTs
  intermediate: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US, issuer O=Digital Signature Trust Co., CN=DST Root CA X3, notBefore 160317164046Z, notAfter 210317164046Z; OCSP http://isrg.trustid.ocsp.identrust.com, caIssuers http://apps.identrust.com/roots/dstrootcax3.p7c, CRL http://crl.identrust.com/DSTROOTCAX3CRL.crl, CPS http://cps.root-x1.letsencrypt.org


stats.log - (2908 bytes) - download
------------------------------------------------------------------------------------
Date: 5/21/2019 -- 14:02:05 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 278
decoder.bytes                              | Total                     | 29966
decoder.ipv4                               | Total                     | 91
decoder.ipv6                               | Total                     | 10
decoder.ethernet                           | Total                     | 278
decoder.tcp                                | Total                     | 39
decoder.udp                                | Total                     | 62
decoder.avg_pkt_size                       | Total                     | 107
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 11
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 2
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 9
flow.spare                                 | Total                     | 9996
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076320


eve.json - (3582 bytes) - download
{"timestamp":"2019-04-29T07:05:36.362784+0000","flow_id":857548777359648,"pcap_cnt":77,"event_type":"alert","src_ip":"192.168.100.239","src_port":62558,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2821116,"rev":2,"signature":"ETPRO POLICY External IP DNS Lookup wtfismyip","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2019-04-29T07:05:36.362784+0000","flow_id":857548777359648,"pcap_cnt":77,"event_type":"dns","src_ip":"192.168.100.239","src_port":62558,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3489,"rrname":"wtfismyip.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-29T07:05:36.368161+0000","flow_id":857548777359648,"pcap_cnt":78,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":62558,"proto":"UDP","dns":{"type":"answer","id":3489,"rcode":"NOERROR","rrname":"wtfismyip.com","rrtype":"A","ttl":264,"rdata":"198.27.74.146"}}
{"timestamp":"2019-04-29T07:05:36.713153+0000","flow_id":720620925012021,"pcap_cnt":87,"event_type":"alert","src_ip":"192.168.100.239","src_port":49443,"dest_ip":"198.27.74.146","dest_port":443,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2821200,"rev":4,"signature":"ETPRO POLICY Observed External IP (wtfismyip) Lookup SSL Cert (Server Hello)","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"tls"}
{"timestamp":"2019-04-29T07:05:36.713153+0000","flow_id":720620925012021,"pcap_cnt":87,"event_type":"tls","src_ip":"192.168.100.239","src_port":49443,"dest_ip":"198.27.74.146","dest_port":443,"proto":"TCP","tls":{"subject":"CN=wtfismyip.com","issuerdn":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"}}
{"timestamp":"2019-04-29T07:05:36.836720+0000","flow_id":720620925012021,"pcap_cnt":89,"event_type":"alert","src_ip":"198.27.74.146","src_port":443,"dest_ip":"192.168.100.239","dest_port":49443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2812782,"rev":3,"signature":"ETPRO POLICY IP Check wtfismyip.com SSL","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"tls"}
{"timestamp":"2019-04-29T07:05:39.221410+0000","flow_id":1491284086972642,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.100.239","src_port":55310,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55489,"rrname":"discordapp.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-29T07:05:39.226829+0000","flow_id":1491284086972642,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":55310,"proto":"UDP","dns":{"type":"answer","id":55489,"rcode":"NOERROR","rrname":"discordapp.com","rrtype":"A","ttl":183,"rdata":"104.16.59.5"}}
{"timestamp":"2019-04-29T07:05:39.226829+0000","flow_id":1491284086972642,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.239","dest_port":55310,"proto":"UDP","dns":{"type":"answer","id":55489,"rcode":"NOERROR","rrname":"discordapp.com","rrtype":"A","ttl":183,"rdata":"104.16.58.5"}}
{"timestamp":"2019-04-29T07:05:39.309037+0000","flow_id":626973458266532,"pcap_cnt":108,"event_type":"tls","src_ip":"192.168.100.239","src_port":49487,"dest_ip":"104.16.59.5","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, OU=PositiveSSL, CN=discordapp.com","issuerdn":"C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA"}}


keyword_perf.log - (5693 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/21/2019 -- 14:02:05
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             62726           10              10              32404           6272.00         6272.00         0.00           
  content          1200655         337             131             17286           3562.00         4307.00         3089.00        
  pcre             1121521         17              0               998797          65971.00        0.00            65971.00       
  byte_test        264930          75              57              31611           3532.00         3190.00         4616.00        
  byte_jump        66819           19              15              9545            3516.00         3557.00         3363.00        
  isdataat         5915            2               0               2990            2957.00         0.00            2957.00        
  byte_extract     52655           16              16              11917           3290.00         3290.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             62726           10              10              32404           6272.00         6272.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1023900         288             122             17286           3555.00         4322.00         2991.00        
  pcre             1121521         17              0               998797          65971.00        0.00            65971.00       
  byte_test        264930          75              57              31611           3532.00         3190.00         4616.00        
  byte_jump        66819           19              15              9545            3516.00         3557.00         3363.00        
  isdataat         5915            2               0               2990            2957.00         0.00            2957.00        
  byte_extract     52655           16              16              11917           3290.00         3290.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_sni
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3903            1               1               3903            3903.00         3903.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_issuer
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33058           8               8               4673            4132.00         4132.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          139794          40              0               9029            3494.00         0.00            3494.00        


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-05-21 14:01:38,933 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-21 14:01:39,699 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-21 14:01:39,699 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-21 14:01:39,700 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-21 14:01:39,700 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-21 14:01:39,700 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a0abb0edbe02382cc32ec0b2a8ac2a1356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap -vvv -k none
2019-05-21 14:02:05,346 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-21 14:02:05,347 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.4227089882


suricata-4.0.0-etpro-all-perf.txt-2019-05-21-T-14-02-05-05212019.1357-4360ce60-8d0b-4f96-bbeb-7c43e3724dc8.pcap.txt - (15062 bytes) - download
  --------------------------------------------------------------------------
  Date: 5/21/2019 -- 14:02:05. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        2149579      23.33  15       0        1054866     143305.27   0.00        143305.27  
  2        2019230      1        2        434238       4.71   4        0        412618      108559.50   0.00        108559.50  
  3        2010143      1        3        556178       6.04   60       0        391022      9269.63     0.00        9269.63    
  4        2021749      1        6        415577       4.51   3        0        209255      138525.67   0.00        138525.67  
  5        2814978      1        2        368262       4.00   3        0        186326      122754.00   0.00        122754.00  
  6        2814979      1        2        283683       3.08   3        0        109304      94561.00    0.00        94561.00   
  7        2822213      1        2        218303       2.37   3        0        95717       72767.67    0.00        72767.67   
  8        2825567      1        3        85804        0.93   1        0        85804       85804.00    0.00        85804.00   
  9        2025330      1        1        84333        0.92   1        0        84333       84333.00    0.00        84333.00   
  10       2018005      1        6        186673       2.03   3        0        82703       62224.33    0.00        62224.33   
  11       2829214      1        2        77431        0.84   1        0        77431       77431.00    0.00        77431.00   
  12       2024720      1        3        66208        0.72   1        0        66208       66208.00    0.00        66208.00   
  13       2827202      1        3        65479        0.71   1        0        65479       65479.00    0.00        65479.00   
  14       2022914      1        1        72552        0.79   2        0        64140       36276.00    0.00        36276.00   
  15       2825453      1        2        63749        0.69   1        0        63749       63749.00    0.00        63749.00   
  16       2821200      1        4        62917        0.68   1        1        62917       62917.00    62917.00    0.00       
  17       2018457      1        1        79330        0.86   2        0        56089       39665.00    0.00        39665.00   
  18       2025194      1        1        95381        1.04   5        0        40967       19076.20    0.00        19076.20   
  19       2014701      1        12       64568        0.70   4        0        37033       16142.00    0.00        16142.00   
  20       2824801      1        3        36506        0.40   1        0        36506       36506.00    0.00        36506.00   
  21       2100518      1        8        91122        0.99   20       0        34841       4556.10     0.00        4556.10    
  22       2829561      1        1        94142        1.02   5        0        33970       18828.40    0.00        18828.40   
  23       2024227      1        3        79069        0.86   5        0        33955       15813.80    0.00        15813.80   
  24       2824799      1        3        33009        0.36   1        0        33009       33009.00    0.00        33009.00   
  25       2022547      1        1        56288        0.61   10       0        30982       5628.80     0.00        5628.80    
  26       2812782      1        3        30866        0.34   1        1        30866       30866.00    30866.00    0.00       
  27       2010140      1        7        259814       2.82   60       0        30428       4330.23     0.00        4330.23    
  28       2025193      1        1        67009        0.73   5        0        28420       13401.80    0.00        13401.80   
  29       2025189      1        1        69408        0.75   5        0        27546       13881.60    0.00        13881.60   
  30       2025192      1        1        62823        0.68   5        0        26904       12564.60    0.00        12564.60   
  31       2025191      1        1        61281        0.67   5        0        26856       12256.20    0.00        12256.20   
  32       2009702      1        5        53378        0.58   4        0        26177       13344.50    0.00        13344.50   
  33       2025190      1        1        61709        0.67   5        0        26004       12341.80    0.00        12341.80   
  34       2815451      1        2        60511        0.66   4        0        21015       15127.75    0.00        15127.75   
  35       2019083      1        2        20250        0.22   1        0        20250       20250.00    0.00        20250.00   
  36       2020608      1        4        20178        0.22   1        0        20178       20178.00    0.00        20178.00   
  37       2020610      1        3        19841        0.22   1        0        19841       19841.00    0.00        19841.00   
  38       2022543      1        1        36079        0.39   2        0        18327       18039.50    0.00        18039.50   
  39       2020779      1        3        17771        0.19   1        0        17771       17771.00    0.00        17771.00   
  40       2826281      1        2        33837        0.37   2        0        17439       16918.50    0.00        16918.50   
  41       2821116      1        2        20852        0.23   2        1        17380       10426.00    17380.00    3472.00    
  42       2803760      1        3        34232        0.37   2        0        17301       17116.00    0.00        17116.00   
  43       2018281      1        4        20095        0.22   2        0        16428       10047.50    0.00        10047.50   
  44       2014702      1        9        35718        0.39   4        0        15634       8929.50     0.00        8929.50    
  45       2014703      1        9        36361        0.39   4        0        15448       9090.25     0.00        9090.25    
  46       2811544      1        1        36838        0.40   4        0        15138       9209.50     0.00        9209.50    
  47       2811577      1        2        36500        0.40   4        0        14696       9125.00     0.00        9125.00    
  48       2805211      1        1        18452        0.20   2        0        10326       9226.00     0.00        9226.00    
  49       2018789      1        3        13516        0.15   3        0        4907        4505.33     0.00        4505.33    
  50       2008116      1        4        62192        0.68   20       0        4757        3109.60     0.00        3109.60    
  51       2008120      1        4        174280       1.89   62       0        4734        2810.97     0.00        2810.97    
  52       2809258      1        4        15882        0.17   4        0        4679        3970.50     0.00        3970.50    
  53       2017935      1        3        18440        0.20   5        0        4518        3688.00     0.00        3688.00    
  54       2023627      1        3        138067       1.50   48       0        4468        2876.40     0.00        2876.40    
  55       2019010      1        3        48352        0.52   16       0        4413        3022.00     0.00        3022.00    
  56       2001330      1        8        36141        0.39   12       0        4358        3011.75     0.00        3011.75    
  57       2023624      1        3        135983       1.48   50       0        4330        2719.66     0.00        2719.66    
  58       2103159      1        4        7951         0.09   2        0        4293        3975.50     0.00        3975.50    
  59       2824993      1        1        7530         0.08   2        0        4174        3765.00     0.00        3765.00    
  60       2008117      1        3        55010        0.60   19       0        4111        2895.26     0.00        2895.26    
  61       2013739      1        15       160715       1.74   58       0        4078        2770.95     0.00        2770.95    
  62       2019017      1        3        47298        0.51   16       0        4035        2956.12     0.00        2956.12    
  63       2009387      1        4        10910        0.12   3        0        4017        3636.67     0.00        3636.67    
  64       2823788      1        4        7703         0.08   2        0        4001        3851.50     0.00        3851.50    
  65       2802822      1        1        55552        0.60   19       0        3977        2923.79     0.00        2923.79    
  66       2023626      1        3        123496       1.34   46       0        3970        2684.70     0.00        2684.70    
  67       2023614      1        3        6493         0.07   2        0        3960        3246.50     0.00        3246.50    
  68       2802205      1        3        57453        0.62   20       0        3885        2872.65     0.00        2872.65    
  69       2023622      1        3        151737       1.65   56       0        3843        2709.59     0.00        2709.59    
  70       2806561      1        5        7212         0.08   2        0        3784        3606.00     0.00        3606.00    
  71       2021976      1        2        6826         0.07   2        0        3750        3413.00     0.00        3413.00    
  72       2023621      1        4        19492        0.21   7        0        3739        2784.57     0.00        2784.57    
  73       2024777      1        2        11849        0.13   4        0        3737        2962.25     0.00        2962.25    
  74       2015986      1        5        16026        0.17   5        0        3711        3205.20     0.00        3205.20    
  75       2801347      1        5        37111        0.40   13       0        3701        2854.69     0.00        2854.69    
  76       2010142      1        4        160356       1.74   60       0        3654        2672.60     0.00        2672.60    
  77       2823966      1        1        13726        0.15   4        0        3649        3431.50     0.00        3431.50    
  78       2808577      1        5        33186        0.36   12       0        3627        2765.50     0.00        2765.50    
  79       2025200      1        1        13059        0.14   4        0        3618        3264.75     0.00        3264.75    
  80       2804927      1        2        3608         0.04   1        0        3608        3608.00     0.00        3608.00    
  81       2828876      1        1        31343        0.34   10       0        3584        3134.30     0.00        3134.30    
  82       2102257      1        10       3580         0.04   1        0        3580        3580.00     0.00        3580.00    
  83       2019011      1        3        54943        0.60   19       0        3548        2891.74     0.00        2891.74    
  84       2811034      1        1        7063         0.08   2        0        3545        3531.50     0.00        3531.50    
  85       2023625      1        3        110590       1.20   42       0        3511        2633.10     0.00        2633.10    
  86       2807546      1        6        6719         0.07   2        0        3511        3359.50     0.00        3359.50    
  87       2018283      1        5        3501         0.04   1        0        3501        3501.00     0.00        3501.00    
  88       2103238      1        4        6329         0.07   2        0        3485        3164.50     0.00        3164.50    
  89       2008306      1        3        12684        0.14   4        0        3483        3171.00     0.00        3171.00    
  90       2021977      1        6        3483         0.04   1        0        3483        3483.00     0.00        3483.00    
  91       2102190      1        5        19717        0.21   6        0        3469        3286.17     0.00        3286.17    
  92       2808175      1        1        3456         0.04   1        0        3456        3456.00     0.00        3456.00    
  93       2102523      1        8        6526         0.07   2        0        3452        3263.00     0.00        3263.00    
  94       2825610      1        3        3395         0.04   1        0        3395        3395.00     0.00        3395.00    
  95       2009243      1        2        37518        0.41   13       0        3349        2886.00     0.00        2886.00    
  96       2809487      1        2        6671         0.07   2        0        3339        3335.50     0.00        3335.50    
  97       2008118      1        3        36887        0.40   13       0        3338        2837.46     0.00        2837.46    
  98       2021978      1        6        6579         0.07   2        0        3315        3289.50     0.00        3289.50    
  99       2816566      1        1        6414         0.07   2        0        3299        3207.00     0.00        3207.00    
  100      2008297      1        5        3272         0.04   1        0        3272        3272.00     0.00        3272.00    
  101      2809132      1        1        6485         0.07   2        0        3258        3242.50     0.00        3242.50    
  102      2019016      1        3        52775        0.57   19       0        3251        2777.63     0.00        2777.63    
  103      2103158      1        6        11723        0.13   4        0        3216        2930.75     0.00        2930.75    
  104      2016178      1        2        3211         0.03   1        0        3211        3211.00     0.00        3211.00    
  105      2102523      1        8        6259         0.07   2        0        3150        3129.50     0.00        3129.50    
  106      2023623      1        3        111448       1.21   42       0        3096        2653.52     0.00        2653.52    
  107      2016181      1        2        3071         0.03   1        0        3071        3071.00     0.00        3071.00    
  108      2023617      1        3        11463        0.12   4        0        3070        2865.75     0.00        2865.75    
  109      2023612      1        4        11840        0.13   4        0        3052        2960.00     0.00        2960.00    
  110      2016179      1        2        2987         0.03   1        0        2987        2987.00     0.00        2987.00    
  111      2013075      1        8        5436         0.06   2        0        2848        2718.00     0.00        2718.00    
  112      2023619      1        3        10592        0.11   4        0        2797        2648.00     0.00        2648.00    
  113      2023618      1        3        10233        0.11   4        0        2640        2558.25     0.00        2558.25    
  114      2012236      1        2        2582         0.03   1        0        2582        2582.00     0.00        2582.00