Filename: 5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.78686285019 seconds
Hash: a0ca568c283773e928fb560c1a084a7d
Uploaded: 1542541068

Logfiles


suricata-report-2018-11-18-T-11-37-58-11182018.1137-5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap.txt - (18341 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a0ca568c283773e928fb560c1a084a7dd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11182018.1137-5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap -vvv -k none
elapsedtime:8.824531
stderr:
stdout:
18/11/2018 -- 11:37:49 - <Info> - Configuration node 'rule-files' redefined.
18/11/2018 -- 11:37:49 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/11/2018 -- 11:37:49 - <Info> - CPUs/cores online: 1
18/11/2018 -- 11:37:49 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31527 and 'request-body-inspect-window' set to 16538 after randomization.
18/11/2018 -- 11:37:49 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34343 and 'response-body-inspect-window' set to 15742 after randomization.
18/11/2018 -- 11:37:49 - <Config> - DNS request flood protection level: 500
18/11/2018 -- 11:37:49 - <Config> - DNS per flow memcap (state-memcap): 524288
18/11/2018 -- 11:37:49 - <Config> - DNS global memcap: 16777216
18/11/2018 -- 11:37:49 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/11/2018 -- 11:37:49 - <Config> - preallocated 1000 hosts of size 136
18/11/2018 -- 11:37:49 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/11/2018 -- 11:37:49 - <Config> - using magic-file /usr/share/file/magic
18/11/2018 -- 11:37:49 - <Config> - Core dump size is unlimited.
18/11/2018 -- 11:37:49 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/11/2018 -- 11:37:49 - <Config> - preallocated 1000 defrag trackers of size 168
18/11/2018 -- 11:37:49 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/11/2018 -- 11:37:49 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/11/2018 -- 11:37:49 - <Config> - stream "memcap": 33554432
18/11/2018 -- 11:37:49 - <Config> - stream "midstream" session pickups: disabled
18/11/2018 -- 11:37:49 - <Config> - stream "async-oneside": disabled
18/11/2018 -- 11:37:49 - <Config> - stream "checksum-validation": disabled
18/11/2018 -- 11:37:49 - <Config> - stream."inline": disabled
18/11/2018 -- 11:37:49 - <Config> - stream "bypass": disabled
18/11/2018 -- 11:37:49 - <Config> - stream "max-synack-queued": 5
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly "memcap": 134217728
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly "depth": 0
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly "toserver-chunk-size": 2531
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly "toclient-chunk-size": 2687
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly.raw: enabled
18/11/2018 -- 11:37:49 - <Config> - stream.reassembly "segment-prealloc": 2048
18/11/2018 -- 11:37:49 - <Config> - Delayed detect disabled
18/11/2018 -- 11:37:49 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/11/2018 -- 11:37:49 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/11/2018 -- 11:37:49 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/11/2018 -- 11:37:49 - <Config> - prefilter engines: MPM
18/11/2018 -- 11:37:49 - <Config> - IP reputation disabled
18/11/2018 -- 11:37:49 - <Perf> - Registered 148 keyword profiling counters.
18/11/2018 -- 11:37:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
18/11/2018 -- 11:37:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
18/11/2018 -- 11:37:49 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
18/11/2018 -- 11:37:50 - <Config> - No rules loaded from ET-emerging-icmp.rules.
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
18/11/2018 -- 11:37:50 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
18/11/2018 -- 11:37:51 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
18/11/2018 -- 11:37:53 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
18/11/2018 -- 11:37:54 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
18/11/2018 -- 11:37:54 - <Config> - No rules loaded from local.rules.
18/11/2018 -- 11:37:54 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
18/11/2018 -- 11:37:54 - <Info> - Threshold config parsed: 0 rule(s) found
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tcp-packet
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tcp-stream
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for udp-packet
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for other-ip
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_uri
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_client_body
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_header
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_header
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_header_names
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_accept
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_accept_enc
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_accept_lang
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_referer
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_connection
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_content_len
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_content_type
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_protocol
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_start
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_start
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_raw_header
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_method
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_cookie
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_raw_uri
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_user_agent
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_host
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_raw_host
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_stat_msg
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_stat_code
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for dns_query
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tls_sni
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for dce_stub_data
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for ssh_protocol
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for ssh_software
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for file_data
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for file_data
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_request_line
18/11/2018 -- 11:37:54 - <Perf> - using shared mpm ctx' for http_response_line
18/11/2018 -- 11:37:54 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
18/11/2018 -- 11:37:54 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/11/2018 -- 11:37:54 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
18/11/2018 -- 11:37:54 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
18/11/2018 -- 11:37:54 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
18/11/2018 -- 11:37:54 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
18/11/2018 -- 11:37:54 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
18/11/2018 -- 11:37:54 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/11/2018 -- 11:37:55 - <Perf> - Unique rule groups: 111
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toserver TCP packet": 31
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toclient TCP packet": 20
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toserver TCP stream": 31
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toclient TCP stream": 21
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toserver UDP packet": 33
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "toclient UDP packet": 15
18/11/2018 -- 11:37:55 - <Perf> - Builtin MPM "other IP packet": 2
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_uri": 8
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_header": 6
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_header": 3
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_header_names": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_start": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_method": 3
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver http_host": 2
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver tls_sni": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toserver file_data": 1
18/11/2018 -- 11:37:55 - <Perf> - AppLayer MPM "toclient file_data": 5
18/11/2018 -- 11:37:56 - <Perf> - Registered 18241 rule profiling counters.
18/11/2018 -- 11:37:56 - <Info> - fast output device (regular) initialized: alert
18/11/2018 -- 11:37:56 - <Info> - eve-log output device (regular) initialized: eve.json
18/11/2018 -- 11:37:56 - <Config> - enabling 'eve-log' module 'alert'
18/11/2018 -- 11:37:56 - <Config> - enabling 'eve-log' module 'http'
18/11/2018 -- 11:37:56 - <Config> - enabling 'eve-log' module 'dns'
18/11/2018 -- 11:37:56 - <Config> - enabling 'eve-log' module 'tls'
18/11/2018 -- 11:37:56 - <Config> - enabling 'eve-log' 

This file has been truncated.


suricata-4.0.0-etopen-all-perf.txt-2018-11-18-T-11-37-58-11182018.1137-5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap.txt - (32471 bytes)
  --------------------------------------------------------------------------
  Date: 11/18/2018 -- 11:37:58. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020573      1        2        5966526      9.10   1        1        5966526     5966526.00  5966526.00  0.00       
  2        2016854      1        3        668553       1.02   1        0        668553      668553.00   0.00        668553.00  
  3        2016855      1        2        621028       0.95   1        0        621028      621028.00   0.00        621028.00  
  4        2018959      1        3        545247       0.83   1        1        545247      545247.00   545247.00   0.00       
  5        2016538      1        3        416724       0.64   1        1        416724      416724.00   416724.00   0.00       
  6        2019165      1        3        397738       0.61   1        0        397738      397738.00   0.00        397738.00  
  7        2020865      1        3        7166378      10.94  57       0        230957      125725.93   0.00        125725.93  
  8        2019707      1        2        183158       0.28   2        0        119162      91579.00    0.00        91579.00   
  9        2008575      1        5        4237649      6.47   598      0        110847      7086.37     0.00        7086.37    
  10       2016537      1        2        4330686      6.61   257      8        101493      16850.92    69544.88    15157.94   
  11       2016112      1        3        530670       0.81   30       0        93767       17689.00    0.00        17689.00   
  12       2014819      1        3        86417        0.13   1        0        86417       86417.00    0.00        86417.00   
  13       2025408      1        2        111324       0.17   2        1        85771       55662.00    85771.00    25553.00   
  14       2017552      1        6        3933996      6.00   257      0        82882       15307.38    0.00        15307.38   
  15       2024452      1        3        499632       0.76   7        7        74740       71376.00    71376.00    0.00       
  16       2021787      1        2        277726       0.42   7        0        72312       39675.14    0.00        39675.14   
  17       2011457      1        8        68741        0.10   1        0        68741       68741.00    0.00        68741.00   
  18       2019094      1        5        261856       0.40   7        0        68358       37408.00    0.00        37408.00   
  19       2020962      1        3        235789       0.36   7        0        66251       33684.14    0.00        33684.14   
  20       2014442      1        6        303875       0.46   7        0        65514       43410.71    0.00        43410.71   
  21       2021413      1        2        268500       0.41   7        0        65067       38357.14    0.00        38357.14   
  22       2022482      1        3        64508        0.10   1        0        64508       64508.00    0.00        64508.00   
  23       2018241      1        2        64236        0.10   1        0        64236       64236.00    0.00        64236.00   
  24       2023711      1        2        64096        0.10   1        0        64096       64096.00    0.00        64096.00   
  25       2024829      1        2        1293540      1.97   55       0        63268       23518.91    0.00        23518.91   
  26       2020181      1        8        228410       0.35   7        0        60716       32630.00    0.00        32630.00   
  27       2013419      1        4        282687       0.43   7        0        60469       40383.86    0.00        40383.86   
  28       2016706      1        20       263338       0.40   7        0        60248       37619.71    0.00        37619.71   
  29       2023083      1        2        291380       0.44   8        0        60138       36422.50    0.00        36422.50   
  30       2017190      1        6        58250        0.09   1        0        58250       58250.00    0.00        58250.00   
  31       2014353      1        6        56119        0.09   1        0        56119       56119.00    0.00        56119.00   
  32       2023203      1        3        369497       0.56   7        7        54476       52785.29    52785.29    0.00       
  33       2011925      1        6        224768       0.34   7        0        51929       32109.71    0.00        32109.71   
  34       2022050      1        3        50670        0.08   1        0        50670       50670.00    0.00        50670.00   
  35       2017261      1        3        220740       0.34   7        0        50239       31534.29    0.00        31534.29   
  36       2017454      1        12       263661       0.40   7        0        49985       37665.86    0.00        37665.86   
  37       2022343      1        2        209632       0.32   7        0        47922       29947.43    0.00        29947.43   
  38       2009897      1        14       47174        0.07   1        0        47174       47174.00    0.00        47174.00   
  39       2013352      1        4        46539        0.07   1        0        46539       46539.00    0.00        46539.00   
  40       2021697      1        3        46150        0.07   1        0        46150       46150.00    0.00        46150.00   
  41       2011791      1        4        210324       0.32   7        0        46105       30046.29    0.00        30046.29   
  42       2008438      1        20       45789        0.07   1        0        45789       45789.00    0.00        45789.00   
  43       2017456      1        3        238176       0.36   7        0        45465       34025.14    0.00        34025.14   
  44       2016141      1        5        45119        0.07   1        0        45119       45119.00    0.00        45119.00   
  45       2024909      1        2        660027       1.01   32       0        45052       20625.84    0.00        20625.84   
  46       2022896      1        5        44791        0.07   1        0        44791       44791.00    0.00        44791.00   
  47       2014473      1        5        676991       1.03   44       0        44123       15386.16    0.00        15386.16   
  48       2018403      1        10       43900        0.07   1        0        43900       43900.00    0.00        43900.00   
  49       2012981      1        5        75831        0.12   2        0        43401       37915.50    0.00        37915.50   
  50       2023627      1        3        349192       0.53   95       0        42968       3675.71     0.00        3675.71    
  51       2009028      1        11       42500        0.06   1        0        42500       42500.00    0.00        42500.00   
  52       2024206      1        3        42476        0.06   1        1        42476       42476.00    42476.00    0.00       
  53       2009909      1        10       42236        0.06   1        0        42236       42236.00    0.00        42236.00   
  54       2024771      1        1        3218318      4.91   631      0        41791       5100.35     0.00        5100.35    
  55       2020963      1        2        223672       0.34   7        0        41723       31953.14    0.00        31953.14   
  56       2015547      1        4        41126        0.06   1        0        41126       41126.00    0.00        41126.00   
  57       2013441      1        9        41020        0.06   1        0        41020       41020.00    0.00        41020.00   
  58       2014189      1        3        205562       0.31   7        0        40985       29366.00    0.00        29366.00   
  59       2012115      1        6        43765        0.07   2        0        40790       21882.50    0.00        21882.50   
  60       2017119      1        4        207458       0.32   7        0        40396       29636.86    0.00        29636.86   
  61       2016181      1        2        172028       0.26   49       0        40315       3510.78     0.00        3510.78    
  62       2016143      1        3        672559       1.03   42       0        40157       16013.31    0.00        16013.31   
  63       2017264      1        2        192730       0.29   7        0        39426       27532.86    0.00        27532.86   
  64       2020643      1        3        204963       0.31   7        0        38827       29280.43    0.00        29280.43   
  65       2014471      1        6        37842        0.06   1        0        37842       37842.00    0.00        37842.00   
  66       2018982      1        2        37107        0.06   1        0        37107       37107.00    0.00        37107.00   
  67       2020569      1        1        37098        0.06   1        0        37098       37098.00    0.00        37098.00   
  68       2020860      1        4        164384       0.25   7        0        36910       23483.43    0.00        23483.43   
  69       2022901      1        2        205884       0.31   7        0        36853       29412.00    0.00        29412.00   
  70       2019714      1        10       36630        0.06   1        0        36630       36630.00    0.00        36630.00   
  71       2022270      1        2        36361        0.06   1        0        36361       36361.00    0.00        36361.00   
  72       2016029      1        3        36097        0.06   1        0        36097       36097.00    0.00        36097.00   
  73       2023078      1        2        160953       0.25   7        0        36057       22993.29    0.00        22993.29   
  74       2010140      1        7        702628       1.07   218      0        36039       3223.06     0.00        3223.06    
  75       2022942      1        2        35915        0.05   1        0        35915       35915.00    0.00        35915.00   
  76       2020826      1        7        35884        0.05   1        0        35884       35884.00    0.00        35884.00   
  77       2021718      1        4        213137       0.33   7        0        35869       30448.14    0.00        30448.14   
  78       2020706      1        2        198339       0.30   7        0        35361       28334.14    0.00        28334.14   
  79       2020941      1        2        35315        0.05   1        0        35315       35315.00    0.00        35315.00   
  80       2017556      1        3        227995       0.35   7        0        35274       32570.71    0.00        32570.71   
  81       2024775      1        1        123516       0.19   30       0        35263       4117.20     0.00        4117.20    
  82       2024239      1        3        204074       0.31   7        0        35130       29153.43    0.00        29153.43   
  83       2021245      1        6        35020        0.05   1        0        35020       35020.00    0.00        35020.00   
  84       2017076      1        9        233040       0.36   7        0        34948       33291.43    0.00        33291.43   
  85       2020083      1        3        196559       0.30   7        0        34732       28079.86    0.00        28079.86   
  86       2018928      1        3        34534        0.05   1        0        34534       34534.00    0.00        34534.00   
  87       2016578      1        5        34453        0.05   1        0        34453       34453.00    0.00        34453.00   
  88       2022550      1        16       34207        0.05   1        0        34207       34207.00    0.00        34207.00   
  89       2008377      1        5        198834       0.30   7        0        34104       28404.86    0.00        28404.86   
  90       2022658      1        4        34077        0.05   1        0        34077       34077.00    0.00        34077.00   
  91       2018028      1        4        193638       0.30   7        0        34064       27662.57    0.00        27662.57   
  92       2022830      1        2        34056        0.05   1        0        34056       34056.00    0.00        34056.00   
  93       2016097      1        4        33817        0.05   1        0        33817       33817.00    0.00        33817.00   
  94       2022552      1        2        669007       1.02   32       0        33405       20906.47    0.00        20906.47   
  95       2021418      1        9        205591       0.31   7        0        33110       29370.14    0.00        29370.14   
  96       2016503      1        2        668831       1.02   44       0        32388       15200.70    0.00        15200.70   
  97       2016948      1        2        531224       0.81   34       0        32182       15624.24    0.00        15624.24   
  98       2023077      1        2        155104       0.24   7        0        32124       22157.71    0.00        22157.71   
  99       2021552      1        2        201108       0.31   7        0        31513       28729.71    0.00        28729.71   
  100      2008120      1        4        644460       0.98   220      0        31457       2929.36     0.00        2929.36    
  101      2024606      1        2        189516       0.29   7        0        30323       27073.71    0.00        27073.71   
  102      2017948      1        2        194259       0.30   7        0        30136       27751.29    0.00        27751.29   
  103      2018421      1        2        29361        0.04   1        0        29361       29361.00    0.00        29361.00   
  104      2016499      1        14       29249        0.04   1        0        29249       29249.00    0.00        29249.00   
  105      2015877      1        6        199206       0.30   7        0        29179       28458.00    0.00        28458.00   
  106      2013036      1        7        28936        0.04   1        0        28936       28936.00    0.00        28936.00   
  107      2017814      1        3        193531       0.30   7        0        28898       27647.29    0.00        27647.29   
  108      2021747      1        9        190981       0.29   7        0        28623       27283.00    0.00        27283.00   
  109      2013037      1        7        28516        0.04   1        0        28516       28516.00    0.00        28516.00   
  110      2022940      1        2        28468        0.04   1        0        28468       28468.00    0.00        28468.00   
  111      2018793      1        4        152047       0.23   7        0        28381       21721.00    0.00        21721.00   
  112      2014519      1        7        103259       0.16   26       0        28371       3971.50     0.00        3971.50    
  113      2018581      1        3        28252        0.04   1        0        28252       28252.00    0.00        28252.00   
  114      2018121      1        4        28207        0.04   1        0        28207       28207.00    0.00        28207.00   
  115      2018254      1        4        28126        0.04   1        0        28126       28126.00    0.00        28126.00   
  116      2021399      1        3        189187       0.29   7        0        28017       27026.71    0.00        27026.71   
  117      2102257      1        10       159794       0.24   49       0        27945       3261.10     0.00        3261.10    
  118      2018556      1        2        27917        0.04   1        0        27917       27917.00    0.00        27917.00   
  119      2020964      1        2        188970       0.29   7        0        27888       26995.71    0.00        26995.71   
  120      2024650      1        1        738456       1.13   51       0        27647       14479.53    0.00        14479.53   
  121      2018385      1        3        27603        0.04   1        0        27603       27603.00    0.00        27603.00   
  122      2020991      1        2        27577        0.04   1        0        27577       27577.00    0.00        27577.00   
  123      2020960      1        2        27133        0.04   1        0        27133       27133.00    0.00        27133.00   
  124      2016502      1        2        642028       0.98   44       0        26594       14591.55    0.00        14591.55   
  125      2001330      1        8        

This file has been truncated.


packet_stats.log - (17100 bytes) - download
Packet profile dump (min/max/avg/tot are CPU ticks spent per packet; tot uses k/m/b for thousands/millions/billions, and the last column is the share of the total):

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           975           114663      300007037     208691325        203.5b   79.48
 IPv4      17            52          3768427      294194360      32601603          1.7b    0.66
 IPv6      17           168          3493003      300697904     250201781         42.0b   16.42
 IPv6      58            38         40870652      299152425     231336042          8.8b    3.43
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           975            67908       16107864        288042        280.8m   81.57
TMM_FLOWWORKER              IPv4      17            52           130590       15810008        498255         25.9m    7.53
TMM_RECEIVEPCAPFILE         IPv4       6           967             2545         154061          3301          3.2m    0.93
TMM_RECEIVEPCAPFILE         IPv4      17            52             2558           4249          3048        158.5k    0.05
TMM_DECODEPCAPFILE          IPv4       6           967             2648          34510          2927          2.8m    0.82
TMM_DECODEPCAPFILE          IPv4      17            52             2686           9055          3183        165.5k    0.05
TMM_FLOWWORKER              IPv6      17           168            99449         585886        161042         27.1m    7.86
TMM_FLOWWORKER              IPv6      58            38            66059         114881         74943          2.8m    0.83
TMM_RECEIVEPCAPFILE         IPv6      17           168             2556          10769          2859        480.4k    0.14
TMM_RECEIVEPCAPFILE         IPv6      58            38             2551           4083          2878        109.4k    0.03
TMM_DECODEPCAPFILE          IPv6      17           168             2689          35664          3278        550.9k    0.16
TMM_DECODEPCAPFILE          IPv6      58            38             2702          14610          3851        146.3k    0.04

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           967             2818        6161309          9885          9.6m  3.21  
flow                    IPv4      17            52             2842          10532          3787        196.9k  0.07  
stream                  IPv4       6           975             2694         421402          9774          9.5m  3.20  
app-layer               IPv4      17            52             2538          32845          4790        249.1k  0.08  
detect                  IPv4       6           975            45073       15344055        244576        238.5m  80.01 
detect                  IPv4      17            52           114260         400101        177990          9.3m  3.11  
tcp-prune               IPv4       6           975             2547         169793          3321          3.2m  1.09  
flow                    IPv6      17           168             2809          66630          4172        701.0k  0.24  
flow                    IPv6      58            38             2827           5669          3141        119.4k  0.04  
app-layer               IPv6      17           168             2533          30325          4927        827.9k  0.28  
detect                  IPv6      17           168            83143         456773        139842         23.5m  7.88  
detect                  IPv6      58            38            55289         103542         63113          2.4m  0.80  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             7             3583          57529         16334        114.3k  22.59 
dns                     IPv4      17             4             4516          12122          7788         31.2k  6.15  
failed                  IPv4       6             2             3114           4305          3709          7.4k  1.47  
http                    IPv6      17            27             7010          28157         12492        337.3k  66.63 
failed                  IPv6      17             6             2669           2669          2669         16.0k  3.16  
Proto detect            IPv4       6             3             5019          11096          7394         22.2k
Proto detect            IPv4      17             9             2766          12392          5853         52.7k
Proto detect            IPv6      17            53             2730          23489          3813        202.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6            10            27918         468138        100163          1.0m  5.28  
LOGGER_UNIFIED2             IPv4       6            10            36058         211951         78991        789.9k  4.16  
LOGGER_JSON_ALERT           IPv4       6            10            48569         133677         92331        923.3k  4.87  
LOGGER_JSON_DNS             IPv4      17             4            33679       15348545       3869431         15.5m  81.61 
LOGGER_JSON_HTTP            IPv4       6             8            32905         177830         71144        569.2k  3.00  
LOGGER_JSON_FILE            IPv4       6             2            56382         148418        102400        204.8k  1.08  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           683             2626         117493         17875        12.2m  13.54 
payload                           IPv4      17            52             3220          95240         13258       689.4k  0.76  
stream                            IPv4       6           683             2537         849005         27049        18.5m  20.49 
http_uri                          IPv4       6             8            12371          68225         27159       217.3k  0.24  
http_request_line                 IPv4       6             8             5275           8915          6551        52.4k  0.06  
http_client_body                  IPv4       6             8             2892           3833          3185        25.5k  0.03  
http_header (request)             IPv4       6             8            10249          19500         14008       112.1k  0.12  
http_header (request trailer)     IPv4       6             8             2603           2761          2645        21.2k  0.02  
http_header_names (request)       IPv4       6             8             4999          24706          8982        71.9k  0.08  
http_accept (request)             IPv4       6             8             3168           4341          3630        29.0k  0.03  
http_referer (request)            IPv4       6             8             2816           3757          3197        25.6k  0.03  
http_content_len (request)        IPv4       6             8             2771           3811          3169        25.4k  0.03  
http_content_type (request)       IPv4       6             8             2879           4203          3259        26.1k  0.03  
http_start (request)              IPv4       6             8             5823           9655          7422        59.4k  0.07  
http_raw_header (request)         IPv4       6             8             6741           9042          7775        62.2k  0.07  
http_method                       IPv4       6             8             3483           5697          4295        34.4k  0.04  
http_cookie (request)             IPv4       6             8             2807           3796          3150        25.2k  0.03  
http_raw_uri                      IPv4       6             8             3626           6944          5536        44.3k  0.05  
http_user_agent                   IPv4       6             8             2737           3568          3104        24.8k  0.03  
http_host                         IPv4       6             8             5446           9433          7218        57.8k  0.06  
dns_query                         IPv4      17             2             9178          11652         10415        20.8k  0.02  
http_response_line                IPv4       6             6             6735          12149          9352        56.1k  0.06  
http_header (response)            IPv4       6             6            20138          51831         36638       219.8k  0.24  
http_header (response trailer)    IPv4       6             6             3146           5198          4425        26.6k  0.03  
http_content_type (response)      IPv4       6             6             4879          28397         10531        63.2k  0.07  
http_raw_header (response)        IPv4       6           636             3737          55452          4578         2.9m  3.23  
http_cookie (response)            IPv4       6             6             3041           3798          3446        20.7k  0.02  
http_stat_code                    IPv4       6             6             3658           4960          4177        25.1k  0.03  
file_data (http response)         IPv4       6           636             2561       10466827         83941        53.4m  59.22 
Total                             IPv4                  2864                                         31081        89.0m
payload                           IPv6      17           168             2975          38232          5641       947.8k  1.05  
payload                           IPv6      58            38             2731          49694          4703       178.7k  0.20  
Total                             IPv6                   206                                          5468         1.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            12             9047          47587         24180        290.2k  0.08  
PROF_DETECT_IPONLY          IPv4      17             9            19610          48727         33417        300.8k  0.08  
PROF_DETECT_RULES           IPv4       6           975             2540        7710966         64838         63.2m  16.73 
PROF_DETECT_RULES           IPv4      17            52            56075         237698         90636          4.7m  1.25  
PROF_DETECT_STATEFUL_START    IPv4       6           398             5108        6802651         64324         25.6m  6.77  
PROF_DETECT_STATEFUL_CONT    IPv4       6           975             2520         131400         16363         16.0m  4.22  
PROF_DETECT_STATEFUL_CONT    IPv4      17            52             2523          31927          3694        192.1k  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           918             2553          31578          2946          2.7m  0.72  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2599           3600          3065         12.3k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           975             7896       11431673        121313        118.3m  31.30 
PROF_DETECT_PREFILTER       IPv4      17            52            24064         122296         40548          2.1m  0.56  
PROF_DETECT_PF_PAYLOAD      IPv4       6           683            13133         889125         53547         36.6m  9.68  
PROF_DETECT_PF_PAYLOAD      IPv4      17            52             8288         100887         18841        979.7k  0.26  
PROF_DETECT_PF_TX           IPv4       6           918             2565       10483804         70482         64.7m  17.12 
PROF_DETECT_PF_TX           IPv4      17             2            15131          17818         16474         32.9k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           354             2520         388849          4476          1.6m  0.42  
PROF_DETECT_PF_SORT1        IPv4      17            52             2761           6124          3659        190.3k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6           975             2521          41203          3044          3.0m  0.79  
PROF_DETECT_PF_SORT2        IPv4      17            52             2557           4544          3003        156.2k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6           975             2536          35822          3028          3.0m  0.78  
PROF_DETECT_NONMPMLIST      IPv4      17            52             2525           4026          2983        155.2k  0.04  
PROF_DETECT_ALERT           IPv4       6           975             2521          52288          3142          3.1m  0.81  
PROF_DETECT_ALERT           IPv4      17            52             2534           3606          2822        146.8k  0.04  
PROF_DETECT_CLEANUP         IPv4       6           975             2560         386826          3448          3.4m  0.89  
PROF_DETECT_CLEANUP         IPv4      17            52             2529           5124          2931        152.4k  0.04  
PROF_DETECT_GETSGH          IPv4       6           975             2520          41006          3072          3.0m  0.79  
PROF_DETECT_GETSGH          IPv4      17            52             2603          11924          3650        189.8k  0.05  
PROF_DETECT_IPONLY          IPv6      17            53             2912          12011          3743        198.4k  0.05  
PROF_DETECT_IPONLY          IPv6      58             2             7311          10745          9028         18.1k  0.00  
PROF_DETECT_RULES           IPv6      17           168            23493         292138         68944         11.6m  3.06  
PROF_DETECT_RULES           IPv6      58            38             2538           3809          2768        105.2k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv6      17           168             2513           3682          2850        478.9k  0.13  
PROF_DETECT_STATEFUL_CONT    IPv6      58            38             2725           3819          2948        112.0k  0.03  
PROF_DETECT_PREFILTER       IPv6      17           168            23776          79505         28836          4.8m  1.28  
PROF_DETECT_PREFILTER       IPv6      58            38            18369          66540         22288        846.9k  0.22  
PROF_DETECT_PF_PAYLOAD      IPv6      17           168             8058          44552         11115          1.9m  0.49  
PROF_DETECT_PF_PAYLOAD      IPv6      58            38             7785          55905         10022        380.8k  0.10  
PROF_DETECT_PF_SORT1        IPv6      17           168             2608          15584          3355        563.7k  0.15  
PROF_DETECT_PF_SORT2        IPv6      17           168             2549          16911          2874        482.9k  0.13  
PROF_DETECT_PF_SORT2        IPv6      58            38             2520           3312          2645        100.5k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17           168             2527          19354          3021        507.6k  0.13  
PROF_DETECT_NONMPMLIST      IPv6      58            38             2536           3608          2845        108.1k  0.03  
PROF_DETECT_ALERT     

This file has been truncated.


unified2.alert.1542541076 - (23821 bytes) - download
[unified2 is a binary record format; the viewer rendered the raw bytes as text, so only the printable strings inside the logged packets are recoverable. Two records carry the same request packet:]

GET /q2/index.php?id=93713204&c=1&mk=75490e&il=H&vr=1.73&bt=32 HTTP/1.1
Host: wassronledorhad.in

[The following packet records (shown twice in the file) carry part of a Windows executable. Strings visible in them, in file order:]

NSIS Error / Error writing temporary file. Make sure your temp folder is valid.
Function and DLL names: VerQueryValueA, GetFileVersionInfoA, GetFileVersionInfoSizeA, VERSION, SHGetFolderPathA, SHFOLDER, SHAutoComplete, SHLWAPI, SHELL32, InitiateShutdownA, RegDeleteKeyExA, ADVAPI32, GetUserDefaultUILanguage, GetDiskFreeSpaceExA, SetDefaultDllDirectories, KERNEL32
Dialog resource strings: MS Shell Dlg, msctls_progress32, SysListView32
VS_VERSION_INFO (translation 040904e4): CompanyName "Land Cruse AG", FileDescription "Land Cruse 1.0", FileVersion 1, LegalCopyright "Land Cruse Ltd.", ProductName "Land Cruse"
Manifest: assemblyIdentity name="Nullsoft.NSIS.exehead" version="1.0.0.0", description "Nullsoft Install System v3.01", requestedExecutionLevel level="asInvoker" uiAccess="false", supportedOS Ids {8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}, {1f676c76-80e1-4239-95bb-83d0f6d0da78}, {4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}, {35138b9a-5d96-4fbd-8e2d-a2440225f93a}

[The remainder of the visible bytes is compressed installer payload with no printable content.]

This file has been truncated.
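
The unified2 file above is unreadable as text because it is a sequence of binary records. The reader below is an added example (not Suricata's or Snort's own code) that walks such a file and pairs each alert event with the packet it was raised on, which is how the GET request above would normally be extracted. It assumes the Snort unified2 layout: a big-endian (type, length) header per record, type 7 for the 52-byte legacy IPv4 event, type 104 for the 60-byte extended IPv4 event (the same fields plus mpls_label and vlan id), and type 2 for the packet record. The sample file is constructed inline by _build_sample(); only the request line, the client address and the resolved address of wassronledorhad.in come from this page, and the sid, timestamps and ports are placeholders.

```python
"""Read unified2 records and join events with their packets (added example)."""
import socket
import struct
from typing import Any, Dict, Iterator, List, Optional

UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event, 52 bytes (assumed Snort layout)
UNIFIED2_IDS_EVENT_VLAN = 104   # extended IPv4 event, 60 bytes (assumed Snort layout)
DLT_EN10MB = 1

_HDR = struct.Struct("!II")      # record type, record length
# sensor_id, event_id, event_second, event_microsecond, signature_id, generator_id,
# signature_revision, classification_id, priority_id, ip_source, ip_destination,
# sport_itype, dport_icode, protocol, impact_flag, impact, blocked
_EVENT = struct.Struct("!11I2H4B")
_EVENT_VLAN = struct.Struct("!11I2H4BIHH")   # ... plus mpls_label, vlan_id, pad
# sensor_id, event_id, event_second, packet_second, packet_microsecond, linktype, packet_length
_PACKET = struct.Struct("!7I")


def _ipv4(n: int) -> str:
    # Addresses are stored as their four network-order bytes; re-pack to print them.
    return socket.inet_ntoa(struct.pack("!I", n))


def iter_records(data: bytes) -> Iterator[Dict[str, Any]]:
    """Walk the file record by record; a short final record raises ValueError."""
    off = 0
    while off + _HDR.size <= len(data):
        rtype, rlen = _HDR.unpack_from(data, off)
        off += _HDR.size
        body = data[off:off + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record at offset {off}")
        off += rlen
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
            f = (_EVENT if rtype == UNIFIED2_IDS_EVENT else _EVENT_VLAN).unpack_from(body)
            yield {"type": "event", "event_id": f[1], "sid": f[4], "gid": f[5], "rev": f[6],
                   "src": _ipv4(f[9]), "dst": _ipv4(f[10]), "sport": f[11], "dport": f[12],
                   "proto": f[13]}
        elif rtype == UNIFIED2_PACKET:
            f = _PACKET.unpack_from(body)
            yield {"type": "packet", "event_id": f[1], "linktype": f[5],
                   "packet": body[_PACKET.size:_PACKET.size + f[6]]}
        else:  # IPv6 events, extra-data records and anything newer: not decoded here
            yield {"type": "unknown", "rtype": rtype, "length": rlen}


def http_request_line(packet: bytes, linktype: int) -> Optional[str]:
    """Return the HTTP request line of an Ethernet/IPv4/TCP packet, else None."""
    if linktype != DLT_EN10MB or len(packet) < 34 or packet[12:14] != b"\x08\x00":
        return None
    ihl = (packet[14] & 0x0F) * 4
    if packet[14 + 9] != 6:            # IP protocol field: not TCP
        return None
    tcp = 14 + ihl
    data_off = (packet[tcp + 12] >> 4) * 4
    line = packet[tcp + data_off:].split(b"\r\n", 1)[0]
    if not line.startswith((b"GET ", b"POST ", b"HEAD ")):
        return None
    return line.decode("ascii", "replace")


def summarize(data: bytes) -> List[Dict[str, Any]]:
    """Join each event with the packet records that share its event_id."""
    events: Dict[int, Dict[str, Any]] = {}
    packets: Dict[int, List[Dict[str, Any]]] = {}
    for rec in iter_records(data):
        if rec["type"] == "event":
            events[rec["event_id"]] = rec
        elif rec["type"] == "packet":
            packets.setdefault(rec["event_id"], []).append(rec)
    out = []
    for eid, ev in events.items():
        lines = [http_request_line(p["packet"], p["linktype"]) for p in packets.get(eid, [])]
        out.append({**ev, "http_requests": [l for l in lines if l]})
    return out


def _build_sample() -> bytes:
    """Constructed two-record file: one event and the packet it was raised on."""
    src, dst = "192.168.100.10", "49.51.228.205"   # client and the A record from eve.json
    payload = (b"GET /q2/index.php?id=93713204&c=1&mk=75490e&il=H&vr=1.73&bt=32 HTTP/1.1\r\n"
               b"Host: wassronledorhad.in\r\n\r\n")
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pkt = eth + ip + tcp + payload
    sid, when = 1000001, 1520271485   # placeholder local-rule sid; epoch of 2018-03-05T17:38:05Z
    event = _EVENT.pack(1, 7, when, 0, sid, 1, 1, 0, 2,
                        int.from_bytes(socket.inet_aton(src), "big"),
                        int.from_bytes(socket.inet_aton(dst), "big"),
                        49152, 80, 6, 0, 0, 0)
    packet = _PACKET.pack(1, 7, when, when, 0, DLT_EN10MB, len(pkt)) + pkt
    return (_HDR.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + _HDR.pack(UNIFIED2_PACKET, len(packet)) + packet)


if __name__ == "__main__":
    for ev in summarize(_build_sample()):
        print(f"sid {ev['sid']} {ev['src']}:{ev['sport']} -> {ev['dst']}:{ev['dport']} {ev['http_requests']}")
```

To run it on the real file, replace `_build_sample()` with `open("unified2.alert.1542541076", "rb").read()`; records of a type the reader does not decode are reported as "unknown" rather than silently skipped, so a file written with IPv6 or extra-data records is still walked to the end.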


stats.log - (3674 bytes) - download
------------------------------------------------------------------------------------
Date: 11/18/2018 -- 11:37:58 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1703
decoder.bytes                              | Total                     | 906534
decoder.ipv4                               | Total                     | 1019
decoder.ipv6                               | Total                     | 206
decoder.ethernet                           | Total                     | 1703
decoder.tcp                                | Total                     | 967
decoder.udp                                | Total                     | 220
decoder.icmpv6                             | Total                     | 38
decoder.avg_pkt_size                       | Total                     | 532
decoder.max_pkt_size                       | Total                     | 1358
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 60
flow.icmpv6                                | Total                     | 2
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 3
tcp.overlap                                | Total                     | 4
detect.alert                               | Total                     | 18
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 8
app_layer.flow.failed_tcp                  | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 58
flow_mgr.closed_pruned                     | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 60
flow_mgr.est_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 59
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 56
flow_mgr.flows_timeout_inuse               | Total                     | 1
flow_mgr.flows_removed                     | Total                     | 55
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65477
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7091296


eve.json - (12634 bytes)
{"timestamp":"2018-03-05T17:38:04.617029+0000","flow_id":728995544721989,"pcap_cnt":253,"event_type":"dns","src_ip":"192.168.100.10","src_port":55541,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32523,"rrname":"wassronledorhad.in","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-05T17:38:04.898529+0000","flow_id":728995544721989,"pcap_cnt":254,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.10","dest_port":55541,"proto":"UDP","dns":{"type":"answer","id":32523,"rcode":"NOERROR","rrname":"wassronledorhad.in","rrtype":"A","ttl":599,"rdata":"49.51.228.205"}}
{"timestamp":"2018-03-05T17:38:05.639226+0000","flow_id":123052968755450,"pcap_cnt":261,"event_type":"dns","src_ip":"192.168.100.10","src_port":63185,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56719,"rrname":"balzantruck.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-03-05T17:38:05.768420+0000","flow_id":123052968755450,"pcap_cnt":262,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.10","dest_port":63185,"proto":"UDP","dns":{"type":"answer","id":56719,"rcode":"NOERROR","rrname":"balzantruck.com","rrtype":"A","ttl":21599,"rdata":"69.156.240.29"}}
{"timestamp":"2018-03-05T17:38:05.844439+0000","flow_id":764325945718899,"pcap_cnt":268,"event_type":"alert","src_ip":"192.168.100.10","src_port":53749,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:38:05.844439+0000","flow_id":764325945718899,"pcap_cnt":268,"event_type":"alert","src_ip":"192.168.100.10","src_port":53749,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:38:05.844439+0000","flow_id":764325945718899,"pcap_cnt":268,"event_type":"http","src_ip":"192.168.100.10","src_port":53749,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=1&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html"}}
{"timestamp":"2018-03-05T17:38:06.244816+0000","flow_id":273651702020940,"pcap_cnt":315,"event_type":"alert","src_ip":"69.156.240.29","src_port":80,"dest_ip":"192.168.100.10","dest_port":53762,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:38:06.244816+0000","flow_id":273651702020940,"pcap_cnt":315,"event_type":"alert","src_ip":"69.156.240.29","src_port":80,"dest_ip":"192.168.100.10","dest_port":53762,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2018-03-05T17:38:06.798837+0000","flow_id":273651702020940,"pcap_cnt":1136,"event_type":"http","src_ip":"192.168.100.10","src_port":53762,"dest_ip":"69.156.240.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"balzantruck.com","url":"\/45rt.exe","http_content_type":"application\/x-msdownload"}}
{"timestamp":"2018-03-05T17:38:16.798563+0000","flow_id":273651702020940,"pcap_cnt":1145,"event_type":"fileinfo","src_ip":"69.156.240.29","src_port":80,"dest_ip":"192.168.100.10","dest_port":53762,"proto":"TCP","http":{"hostname":"balzantruck.com","url":"\/45rt.exe","http_content_type":"application\/x-msdownload","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":799224},"app_proto":"http","fileinfo":{"filename":"\/45rt.exe","gaps":false,"state":"CLOSED","stored":false,"size":799224,"tx_id":0}}
{"timestamp":"2018-03-05T17:38:16.965452+0000","flow_id":881106107246291,"pcap_cnt":1152,"event_type":"alert","src_ip":"192.168.100.10","src_port":53856,"dest_ip":"179.60.146.3","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2025408,"rev":2,"signature":"ET TROJAN Win32\/FlawedAmmyy RAT CnC Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"failed"}
{"timestamp":"2018-03-05T17:39:07.024620+0000","flow_id":764325945718899,"pcap_cnt":1214,"event_type":"alert","src_ip":"49.51.228.205","src_port":80,"dest_ip":"192.168.100.10","dest_port":53749,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024206,"rev":3,"signature":"ET TROJAN Quant Loader Download Response M2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:39:07.024620+0000","flow_id":764325945718899,"pcap_cnt":1214,"event_type":"fileinfo","src_ip":"49.51.228.205","src_port":80,"dest_ip":"192.168.100.10","dest_port":53749,"proto":"TCP","http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=1&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":53},"app_proto":"http","fileinfo":{"filename":"\/q2\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":44,"tx_id":0}}
{"timestamp":"2018-03-05T17:39:37.500522+0000","flow_id":48187397819582,"pcap_cnt":1244,"event_type":"alert","src_ip":"192.168.100.10","src_port":54579,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:39:37.500522+0000","flow_id":48187397819582,"pcap_cnt":1244,"event_type":"alert","src_ip":"192.168.100.10","src_port":54579,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:40:38.453643+0000","flow_id":484903973397937,"pcap_cnt":1307,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:40:38.453643+0000","flow_id":484903973397937,"pcap_cnt":1307,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:40:38.453643+0000","flow_id":484903973397937,"pcap_cnt":1307,"event_type":"http","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=3&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html"}}
{"timestamp":"2018-03-05T17:41:39.016123+0000","flow_id":484903973397937,"pcap_cnt":1363,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:41:39.016123+0000","flow_id":484903973397937,"pcap_cnt":1363,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:41:39.016123+0000","flow_id":484903973397937,"pcap_cnt":1363,"event_type":"http","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=4&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html"}}
{"timestamp":"2018-03-05T17:43:09.312986+0000","flow_id":484903973397937,"pcap_cnt":1491,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:43:09.312986+0000","flow_id":484903973397937,"pcap_cnt":1491,"event_type":"alert","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:43:09.481503+0000","flow_id":484903973397937,"pcap_cnt":1494,"event_type":"http","src_ip":"192.168.100.10","src_port":55980,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=5&mk=75490e&il=H&vr=1.73&bt=32"}}
{"timestamp":"2018-03-05T17:44:10.234894+0000","flow_id":2027329822509230,"pcap_cnt":1615,"event_type":"alert","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:44:10.234894+0000","flow_id":2027329822509230,"pcap_cnt":1615,"event_type":"alert","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:44:10.234894+0000","flow_id":2027329822509230,"pcap_cnt":1615,"event_type":"http","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=6&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html"}}
{"timestamp":"2018-03-05T17:45:17.594290+0000","flow_id":2027329822509230,"pcap_cnt":1673,"event_type":"alert","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2023203,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2018-03-05T17:45:17.594290+0000","flow_id":2027329822509230,"pcap_cnt":1673,"event_type":"alert","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2024452,"rev":3,"signature":"ET TROJAN Quant Loader Download Request","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2018-03-05T17:45:17.594290+0000","flow_id":2027329822509230,"pcap_cnt":1673,"event_type":"http","src_ip":"192.168.100.10","src_port":59148,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=7&mk=75490e&il=H&vr=1.73&bt=32","http_content_type":"text\/html"}}
{"timestamp":"2018-03-05T17:46:00.444470+0000","flow_id":48187397819582,"event_type":"http","src_ip":"192.168.100.10","src_port":54579,"dest_ip":"49.51.228.205","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"wassronledorhad.in","url":"\/q2\/index.php?id=93713204&c=2&mk=75490e&il=H&vr=1.73&bt=32"}}


suricata-4.0.0-etopen-all-alert-2018-11-18-T-11-37-58-11182018.1137-5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap.txt - (3688 bytes)
03/05/2018-17:38:05.844439  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:53749 -> 49.51.228.205:80
03/05/2018-17:38:05.844439  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:53749 -> 49.51.228.205:80
03/05/2018-17:38:06.244816  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 69.156.240.29:80 -> 192.168.100.10:53762
03/05/2018-17:38:06.244816  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 69.156.240.29:80 -> 192.168.100.10:53762
03/05/2018-17:38:16.965452  [**] [1:2025408:2] ET TROJAN Win32/FlawedAmmyy RAT CnC Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:53856 -> 179.60.146.3:443
03/05/2018-17:39:07.024620  [**] [1:2024206:3] ET TROJAN Quant Loader Download Response M2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 49.51.228.205:80 -> 192.168.100.10:53749
03/05/2018-17:39:37.500522  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:54579 -> 49.51.228.205:80
03/05/2018-17:39:37.500522  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:54579 -> 49.51.228.205:80
03/05/2018-17:40:38.453643  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:40:38.453643  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:41:39.016123  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:41:39.016123  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:43:09.312986  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:43:09.312986  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:55980 -> 49.51.228.205:80
03/05/2018-17:44:10.234894  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:59148 -> 49.51.228.205:80
03/05/2018-17:44:10.234894  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:59148 -> 49.51.228.205:80
03/05/2018-17:45:17.594290  [**] [1:2023203:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:59148 -> 49.51.228.205:80
03/05/2018-17:45:17.594290  [**] [1:2024452:3] ET TROJAN Quant Loader Download Request [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.10:59148 -> 49.51.228.205:80


keyword_perf.log - (13565 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 11/18/2018 -- 11:37:58
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5347182         1482            1482            386087          3608.00         3608.00         0.00           
  threshold        63645           14              14              7979            4546.00         4546.00         0.00           
  content          19489791        1330            600             5923101         14653.00        19633.00        10561.00       
  pcre             1058660         181             2               40217           5848.00         8731.00         5816.00        
  byte_test        79337           24              8               5555            3305.00         3509.00         3203.00        
  byte_jump        577183          17              17              490346          33951.00        33951.00        0.00           
  isdataat         8596            3               1               3034            2865.00         2891.00         2852.00        
  flowbits         1251376         396             21              34904           3160.00         5401.00         3034.00        
  urilen           357311          109             63              16907           3278.00         3408.00         3098.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5347182         1482            1482            386087          3608.00         3608.00         0.00           
  flowbits         1172625         386             11              19839           3037.00         3152.00         3034.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2452349         245             67              104726          10009.00        4228.00         12185.00       
  pcre             89452           9               0               34213           9939.00         0.00            9939.00        
  byte_test        79337           24              8               5555            3305.00         3509.00         3203.00        
  byte_jump        65896           10              10              39716           6589.00         6589.00         0.00           
  isdataat         8596            3               1               3034            2865.00         2891.00         2852.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         78751           10              10              34904           7875.00         7875.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        63645           14              14              7979            4546.00         4546.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7801900         483             360             5923101         16153.00        20348.00        3872.00        
  pcre             931525          169             2               40217           5511.00         8731.00         5473.00        
  urilen           357311          109             63              16907           3278.00         3408.00         3098.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7213            2               2               4612            3606.00         3606.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19313           6               0               3783            3218.00         0.00            3218.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8703027         458             80              633633          19002.00        47894.00        12887.00       
  byte_jump        511287          7               7               490346          73041.00        73041.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          272676          72              60              29629           3787.00         3761.00         3914.00        
  pcre             15922           1               0               15922           15922.00        0.00            15922.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18056           5               4               4290            3611.00         3763.00         3002.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5581            1               0               5581            5581.00         0.00            5581.00        
  pcre             16179           1               0               16179           16179.00        0.00            16179.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          192813          53              24              26407           3637.00         3395.00         3838.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3043            1               0               3043            3043.00         0.00            3043.00        
  pcre             5582            1               0               5582            5582.00         0.00            5582.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3691            1               0               3691            3691.00         0.00            3691.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10129           3               3               3682            3376.00         3376.00         0.00           


IDSDeathBlossom.py.log - (1179 bytes)
2018-11-18 11:37:48,532 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-11-18 11:37:49,295 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-11-18 11:37:49,295 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-11-18 11:37:49,295 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-11-18 11:37:49,295 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-11-18 11:37:49,296 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a0ca568c283773e928fb560c1a084a7dd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/11182018.1137-5ec21016-513c-4a2c-b4a8-8959f3ff4f29.pcap -vvv -k none
2018-11-18 11:37:58,122 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-11-18 11:37:58,122 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.59801387787