Filename: 3333.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.1532988548 seconds
Hash: a34a3717d9ed8f0cad94b44a9aca4ee7
Uploaded: 1557156568

Logfiles


packet_stats.log (5666 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3493          1795815     1206152890     639323779       2233.2b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3493            65446       19573174        375977          1.3b   96.58
TMM_RECEIVEPCAPFILE         IPv4       6          3483             2534        2989347          3830         13.3m    0.98
TMM_DECODEPCAPFILE          IPv4       6          3483             2645       14566732          9518         33.2m    2.44

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3483             2711          51628          3387         11.8m  0.99  
stream                  IPv4       6          3493             2546          84403          7663         26.8m  2.25  
detect                  IPv4       6          3493            44095       19544409        326498          1.1b  95.83 
tcp-prune               IPv4       6          3493             2508         165760          3171         11.1m  0.93  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb                     IPv4       6             9             2632           4050          2948         26.5k  100.00
Proto detect            IPv4       6             1            28246          28246         28246         28.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6           657            11879         271597         22079         14.5m  22.06 
LOGGER_UNIFIED2             IPv4       6           657            17038         105634         21142         13.9m  21.13 
LOGGER_JSON_ALERT           IPv4       6           657            31340        7586787         56848         37.3m  56.81 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2719             2579       12566628         55688       151.4m  56.44 
stream                            IPv4       6          2719             2531        3598417         42972       116.8m  43.56 
Total                             IPv4                  5438                                         49330       268.3m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            50            36516         143645         41999          2.1m  0.15  
PROF_DETECT_RULES           IPv4       6          3493             2521        4775752        152392        532.3m  38.37 
PROF_DETECT_STATEFUL_START    IPv4       6             5             9669          26754         13847         69.2k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3493             2510          68531         13071         45.7m  3.29  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3292             2548          36650          2825          9.3m  0.67  
PROF_DETECT_PREFILTER       IPv4       6          3493             7697       19277903        118060        412.4m  29.73 
PROF_DETECT_PF_PAYLOAD      IPv4       6          2719            14127       12578275        107475        292.2m  21.06 
PROF_DETECT_PF_TX           IPv4       6          3292             2624       15616442          7792         25.7m  1.85  
PROF_DETECT_PF_SORT1        IPv4       6          2687             2524        1295253          4936         13.3m  0.96  
PROF_DETECT_PF_SORT2        IPv4       6          3493             2512          63068          3032         10.6m  0.76  
PROF_DETECT_NONMPMLIST      IPv4       6          3493             2520          50018          3014         10.5m  0.76  
PROF_DETECT_ALERT           IPv4       6          3493             2518          47907          2979         10.4m  0.75  
PROF_DETECT_CLEANUP         IPv4       6          3493             2509          86534          3045         10.6m  0.77  
PROF_DETECT_GETSGH          IPv4       6          3493             2512        1433608          3471         12.1m  0.87  


suricata-report-2019-05-06-T-15-29-51-05062019.1529-3333.pcap.txt (17541 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a34a3717d9ed8f0cad94b44a9aca4ee756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1529-3333.pcap -vvv -k none
elapsedtime:22.246573
stderr:
stdout:
6/5/2019 -- 15:29:29 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 15:29:29 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 15:29:29 - <Info> - CPUs/cores online: 1
6/5/2019 -- 15:29:29 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31439 and 'request-body-inspect-window' set to 15864 after randomization.
6/5/2019 -- 15:29:29 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31704 and 'response-body-inspect-window' set to 16954 after randomization.
6/5/2019 -- 15:29:29 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 15:29:29 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 15:29:29 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 15:29:29 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 15:29:29 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 15:29:29 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 15:29:29 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 15:29:29 - <Config> - Core dump size is unlimited.
6/5/2019 -- 15:29:29 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 15:29:29 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 15:29:29 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 15:29:29 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 15:29:29 - <Config> - stream "memcap": 33554432
6/5/2019 -- 15:29:29 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 15:29:29 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 15:29:29 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 15:29:29 - <Config> - stream."inline": disabled
6/5/2019 -- 15:29:29 - <Config> - stream "bypass": disabled
6/5/2019 -- 15:29:29 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly "toserver-chunk-size": 2642
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly "toclient-chunk-size": 2666
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 15:29:29 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 15:29:29 - <Config> - Delayed detect disabled
6/5/2019 -- 15:29:29 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 15:29:29 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 15:29:29 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 15:29:29 - <Config> - prefilter engines: MPM
6/5/2019 -- 15:29:29 - <Config> - IP reputation disabled
6/5/2019 -- 15:29:29 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 15:29:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
6/5/2019 -- 15:29:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
6/5/2019 -- 15:29:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
6/5/2019 -- 15:29:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
6/5/2019 -- 15:29:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
6/5/2019 -- 15:29:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
6/5/2019 -- 15:29:34 - <Config> - No rules loaded from ET-icmp.rules.
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
6/5/2019 -- 15:29:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
6/5/2019 -- 15:29:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
6/5/2019 -- 15:29:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
6/5/2019 -- 15:29:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
6/5/2019 -- 15:29:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
6/5/2019 -- 15:29:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
6/5/2019 -- 15:29:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
6/5/2019 -- 15:29:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
6/5/2019 -- 15:29:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
6/5/2019 -- 15:29:41 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 15:29:41 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
6/5/2019 -- 15:29:41 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 15:29:42 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 15:29:42 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
6/5/2019 -- 15:29:42 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 15:29:42 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
6/5/2019 -- 15:29:42 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
6/5/2019 -- 15:29:42 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
6/5/2019 -- 15:29:42 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
6/5/2019 -- 15:29:42 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/5/2019 -- 15:29:42 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 15:29:47 - <Perf> - Unique rule groups: 104
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toserver TCP packet": 35
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toclient TCP packet": 17
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toserver TCP stream": 33
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toclient TCP stream": 19
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toserver UDP packet": 27
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "toclient UDP packet": 17
6/5/2019 -- 15:29:47 - <Perf> - Builtin MPM "other IP packet": 3
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_uri": 14
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_header": 10
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_header": 6
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_header_names": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_protocol": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_method": 5
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver tls_sni": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 15:29:47 - <Perf> - AppLayer MPM "toclient file_data": 7
6/5/2019 -- 15:29:49 - <Perf> - Registered 39590 rule profiling counters.
6/5/2019 -- 15:29:49 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 15:29:49 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 15:29:49 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 15:29:49 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 15:29:49 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 15:29:49 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 15:29:49 - <Info> - reading pcap file /var/pcap/05062019.1529-3333.pcap
6/5/2019 -- 15:29:49 - <Config> - using 1 flow manager threads
6/5/2019 -- 15:29:49 - <Config> - using 1 flow recycler threads
6/5/2019 -- 15:29:49 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
6/5/2019 -- 15:29:49 - <Info> - No packets with inval

This file has been truncated.


unified2.alert.1557156589 (125633 bytes)
[binary unified2 alert records; the file is not renderable as text and is omitted here]

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-05-06-T-15-29-51-05062019.1529-3333.pcap.txt (139929 bytes)
05/18/2017-08:13:42.607478  [**] [1:2024297:2] ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010 [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.116.138:1586 -> 192.168.116.149:445
05/18/2017-08:13:55.978137  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.172:49359 -> 192.168.116.138:445
05/18/2017-08:13:56.225314  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.138:1936 -> 192.168.116.149:445
05/18/2017-08:13:56.225992  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:1936
05/18/2017-08:13:59.065270  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.172:49409 -> 192.168.116.138:445
05/18/2017-08:13:59.066243  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.138:445 -> 192.168.116.172:49409
05/18/2017-08:13:59.238368  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.138:2008 -> 192.168.116.149:445
05/18/2017-08:13:59.238717  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2008
05/18/2017-08:13:59.240834  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.116.138:2009 -> 192.168.116.149:445
05/18/2017-08:13:59.241313  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.313232  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.361329  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.363017  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.363743  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.363940  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.364136  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.364396  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.367699  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.367917  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.368203  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.368519  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.368682  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.369037  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.369505  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.394026  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.394046  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.394618  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.396356  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.396382  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.396707  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.407907  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.408155  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.408419  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.408820  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.409362  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.410505  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.410909  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.411098  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.411500  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.411621  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.411943  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.412334  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.412820  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.413829  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.415265  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.416168  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.417072  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.417247  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.417774  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.418293  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.418927  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.419478  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.420008  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.420536  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.420911  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.422367  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.423401  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.423412  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.423592  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.424489  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.424501  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.424520  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.424560  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.425455  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.425473  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.425805  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.426362  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427376  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427448  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427459  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427469  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427506  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.427669  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.428368  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.428379  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.429465  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:2009
05/18/2017-08:13:59.429477  [**] [1:2024216:1] ET EXPLOIT Possible DOUBLEPULSAR Beacon Response [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.116.149:445 -> 192.168.116.138:

This file has been truncated.


stats.log - (2243 bytes)
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 15:29:51 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3483
decoder.bytes                              | Total                     | 3004537
decoder.ipv4                               | Total                     | 3483
decoder.ethernet                           | Total                     | 3483
decoder.tcp                                | Total                     | 3483
decoder.avg_pkt_size                       | Total                     | 862
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 25
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 24
detect.alert                               | Total                     | 657
detect.mpm_list                            | Total                     | 13
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.smb                         | Total                     | 5
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7081504


eve.json - (274431 bytes)
{"timestamp":"2017-05-18T08:13:42.607478+0000","flow_id":1284851675579628,"pcap_cnt":4,"event_type":"alert","src_ip":"192.168.116.138","src_port":1586,"dest_ip":"192.168.116.149","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024297,"rev":2,"signature":"ET EXPLOIT ETERNALBLUE Exploit M2 MS17-010","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2017-05-18T08:13:55.978137+0000","flow_id":305575510607468,"pcap_cnt":189,"event_type":"alert","src_ip":"192.168.116.172","src_port":49359,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:56.225314+0000","flow_id":1466518055700191,"pcap_cnt":203,"event_type":"alert","src_ip":"192.168.116.138","src_port":1936,"dest_ip":"192.168.116.149","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:56.225992+0000","flow_id":1466518055700191,"pcap_cnt":206,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":1936,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.065270+0000","flow_id":1687275079991000,"pcap_cnt":217,"event_type":"alert","src_ip":"192.168.116.172","src_port":49409,"dest_ip":"192.168.116.138","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.066243+0000","flow_id":1687275079991000,"pcap_cnt":220,"event_type":"alert","src_ip":"192.168.116.138","src_port":445,"dest_ip":"192.168.116.172","dest_port":49409,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.238368+0000","flow_id":373240573172245,"pcap_cnt":231,"event_type":"alert","src_ip":"192.168.116.138","src_port":2008,"dest_ip":"192.168.116.149","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.238717+0000","flow_id":373240573172245,"pcap_cnt":234,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2008,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.240834+0000","flow_id":1343714203510610,"pcap_cnt":245,"event_type":"alert","src_ip":"192.168.116.138","src_port":2009,"dest_ip":"192.168.116.149","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.241313+0000","flow_id":1343714203510610,"pcap_cnt":248,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.313232+0000","flow_id":1343714203510610,"pcap_cnt":253,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.361329+0000","flow_id":1343714203510610,"pcap_cnt":258,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.363017+0000","flow_id":1343714203510610,"pcap_cnt":263,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.363743+0000","flow_id":1343714203510610,"pcap_cnt":268,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.363940+0000","flow_id":1343714203510610,"pcap_cnt":273,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.364136+0000","flow_id":1343714203510610,"pcap_cnt":278,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.364396+0000","flow_id":1343714203510610,"pcap_cnt":283,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.367699+0000","flow_id":1343714203510610,"pcap_cnt":288,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.367917+0000","flow_id":1343714203510610,"pcap_cnt":293,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.368203+0000","flow_id":1343714203510610,"pcap_cnt":298,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.368519+0000","flow_id":1343714203510610,"pcap_cnt":303,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.368682+0000","flow_id":1343714203510610,"pcap_cnt":308,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.369037+0000","flow_id":1343714203510610,"pcap_cnt":313,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.369505+0000","flow_id":1343714203510610,"pcap_cnt":318,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.394026+0000","flow_id":1343714203510610,"pcap_cnt":323,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.394046+0000","flow_id":1343714203510610,"pcap_cnt":328,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.394618+0000","flow_id":1343714203510610,"pcap_cnt":333,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.396356+0000","flow_id":1343714203510610,"pcap_cnt":338,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.396382+0000","flow_id":1343714203510610,"pcap_cnt":343,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.396707+0000","flow_id":1343714203510610,"pcap_cnt":348,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.407907+0000","flow_id":1343714203510610,"pcap_cnt":353,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.408155+0000","flow_id":1343714203510610,"pcap_cnt":358,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.408419+0000","flow_id":1343714203510610,"pcap_cnt":363,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.408820+0000","flow_id":1343714203510610,"pcap_cnt":368,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.409362+0000","flow_id":1343714203510610,"pcap_cnt":373,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.410505+0000","flow_id":1343714203510610,"pcap_cnt":378,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.410909+0000","flow_id":1343714203510610,"pcap_cnt":383,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.411098+0000","flow_id":1343714203510610,"pcap_cnt":388,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.411500+0000","flow_id":1343714203510610,"pcap_cnt":393,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"dest_ip":"192.168.116.138","dest_port":2009,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024216,"rev":1,"signature":"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-05-18T08:13:59.411621+0000","flow_id":1343714203510610,"pcap_cnt":398,"event_type":"alert","src_ip":"192.168.116.149","src_port":445,"des

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-05-06-T-15-29-51-05062019.1529-3333.pcap.txt - (42837 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:29:51. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020764      1        2        1299993      0.31   39       0        282936      33333.15    0.00        33333.15   
  2        2018059      1        2        2825191      0.68   67       0        182458      42167.03    0.00        42167.03   
  3        2012094      1        2        31152803     7.47   802      0        142739      38843.89    0.00        38843.89   
  4        2018066      1        2        1611470      0.39   31       0        124182      51982.90    0.00        51982.90   
  5        2103001      1        5        2486917      0.60   822      0        121745      3025.45     0.00        3025.45    
  6        2018067      1        3        1837457      0.44   32       0        120837      57420.53    0.00        57420.53   
  7        2810020      1        2        24684622     5.92   822      0        119956      30029.95    0.00        30029.95   
  8        2809487      1        2        5482188      1.31   1885     0        108970      2908.32     0.00        2908.32    
  9        2020795      1        2        1082590      0.26   36       0        108627      30071.94    0.00        30071.94   
  10       2020784      1        2        1786666      0.43   65       0        106983      27487.17    0.00        27487.17   
  11       2816515      1        3        3286118      0.79   80       0        105380      41076.47    0.00        41076.47   
  12       2018060      1        2        2080682      0.50   36       0        101531      57796.72    0.00        57796.72   
  13       2024430      1        3        24133591     5.78   805      0        101374      29979.62    0.00        29979.62   
  14       2800794      1        5        24256030     5.81   802      0        101197      30244.43    0.00        30244.43   
  15       2024217      1        2        11018518     2.64   805      0        98755       13687.60    0.00        13687.60   
  16       2102465      1        9        118006       0.03   2        1        98412       59003.00    98412.00    19594.00   
  17       2018061      1        2        2016655      0.48   36       0        95531       56018.19    0.00        56018.19   
  18       2024219      1        1        10715269     2.57   805      0        94957       13310.89    0.00        13310.89   
  19       2018064      1        2        2063733      0.49   37       0        93745       55776.57    0.00        55776.57   
  20       2800796      1        5        23572891     5.65   802      0        93698       29392.63    0.00        29392.63   
  21       2001263      1        5        2185601      0.52   163      0        91803       13408.60    0.00        13408.60   
  22       2102190      1        5        5641963      1.35   1947     0        91770       2897.77     0.00        2897.77    
  23       2024777      1        2        2049323      0.49   667      0        88735       3072.45     0.00        3072.45    
  24       2020799      1        2        1498385      0.36   52       0        88562       28815.10    0.00        28815.10   
  25       2018065      1        2        2080152      0.50   38       0        88475       54740.84    0.00        54740.84   
  26       2018062      1        2        1822024      0.44   35       0        88035       52057.83    0.00        52057.83   
  27       2021716      1        1        1175754      0.28   41       0        80904       28676.93    0.00        28676.93   
  28       2024216      1        1        22280740     5.34   672      651      80803       33155.86    33612.54    18998.81   
  29       2023611      1        3        1366039      0.33   39       0        80350       35026.64    0.00        35026.64   
  30       2022773      1        2        1388117      0.33   50       0        77311       27762.34    0.00        27762.34   
  31       2020693      1        1        1248013      0.30   44       0        76901       28363.93    0.00        28363.93   
  32       2017877      1        3        1226150      0.29   41       0        75691       29906.10    0.00        29906.10   
  33       2018063      1        3        1969114      0.47   36       0        73407       54697.61    0.00        54697.61   
  34       2023349      1        2        548369       0.13   45       0        72488       12185.98    0.00        12185.98   
  35       2022024      1        1        303207       0.07   82       0        71543       3697.65     0.00        3697.65    
  36       2018068      1        2        2026590      0.49   39       0        69385       51963.85    0.00        51963.85   
  37       2019602      1        1        1281802      0.31   47       0        67975       27272.38    0.00        27272.38   
  38       2102954      1        4        91738        0.02   2        0        67160       45869.00    0.00        45869.00   
  39       2020774      1        2        1033866      0.25   38       0        66475       27207.00    0.00        27207.00   
  40       2828876      1        1        6238161      1.49   2034     0        66004       3066.94     0.00        3066.94    
  41       2020613      1        3        1050776      0.25   37       0        64400       28399.35    0.00        28399.35   
  42       2020779      1        3        1258662      0.30   44       0        63813       28605.95    0.00        28605.95   
  43       2018069      1        1        1205440      0.29   45       0        62317       26787.56    0.00        26787.56   
  44       2018636      1        2        1128308      0.27   42       0        61974       26864.48    0.00        26864.48   
  45       2018639      1        2        953905       0.23   39       0        61424       24459.10    0.00        24459.10   
  46       2018880      1        2        1177933      0.28   42       0        61413       28046.02    0.00        28046.02   
  47       2020777      1        2        872476       0.21   31       0        60324       28144.39    0.00        28144.39   
  48       2020767      1        2        935429       0.22   35       0        60163       26726.54    0.00        26726.54   
  49       2020770      1        2        1015135      0.24   35       0        60134       29003.86    0.00        29003.86   
  50       2018032      1        2        1103210      0.26   41       0        59974       26907.56    0.00        26907.56   
  51       2815451      1        2        10894922     2.61   825      0        59485       13205.97    0.00        13205.97   
  52       2020791      1        3        714648       0.17   27       0        58694       26468.44    0.00        26468.44   
  53       2018054      1        1        1367547      0.33   48       0        58250       28490.56    0.00        28490.56   
  54       2020765      1        2        1022103      0.24   38       0        57892       26897.45    0.00        26897.45   
  55       2103019      1        5        2501278      0.60   822      0        57635       3042.92     0.00        3042.92    
  56       2018076      1        3        866110       0.21   40       0        56336       21652.75    0.00        21652.75   
  57       2019083      1        2        1115009      0.27   39       0        55454       28589.97    0.00        28589.97   
  58       2018637      1        2        1020992      0.24   37       0        54997       27594.38    0.00        27594.38   
  59       2018638      1        2        1120767      0.27   42       0        54806       26684.93    0.00        26684.93   
  60       2020766      1        2        875539       0.21   32       0        53358       27360.59    0.00        27360.59   
  61       2020773      1        2        946283       0.23   35       0        52984       27036.66    0.00        27036.66   
  62       2102979      1        4        219043       0.05   8        0        51947       27380.38    0.00        27380.38   
  63       2100327      1        10       2135045      0.51   677      0        51742       3153.69     0.00        3153.69    
  64       2020611      1        4        1057398      0.25   38       0        50269       27826.26    0.00        27826.26   
  65       2017915      1        2        1118761      0.27   40       0        50004       27969.03    0.00        27969.03   
  66       2020797      1        2        1172699      0.28   43       0        49748       27272.07    0.00        27272.07   
  67       2017548      1        6        904675       0.22   39       0        49459       23196.79    0.00        23196.79   
  68       2018075      1        3        1119592      0.27   41       0        49352       27307.12    0.00        27307.12   
  69       2103158      1        6        2604662      0.62   885      0        49326       2943.12     0.00        2943.12    
  70       2018057      1        4        1039800      0.25   37       0        49046       28102.70    0.00        28102.70   
  71       2021753      1        3        1133525      0.27   41       0        48709       27646.95    0.00        27646.95   
  72       2020771      1        2        1141622      0.27   44       0        48635       25945.95    0.00        25945.95   
  73       2020796      1        2        889943       0.21   33       0        48340       26967.97    0.00        26967.97   
  74       2020787      1        2        1039736      0.25   40       0        47601       25993.40    0.00        25993.40   
  75       2020614      1        2        868965       0.21   33       0        46986       26332.27    0.00        26332.27   
  76       2017914      1        2        872734       0.21   33       0        46919       26446.48    0.00        26446.48   
  77       2021978      1        6        1913465      0.46   656      0        46787       2916.87     0.00        2916.87    
  78       2018372      1        2        1250552      0.30   84       0        46758       14887.52    0.00        14887.52   
  79       2018287      1        2        1040413      0.25   44       0        46459       23645.75    0.00        23645.75   
  80       2018013      1        3        1078716      0.26   39       0        46355       27659.38    0.00        27659.38   
  81       2017707      1        4        1007366      0.24   39       0        46040       25829.90    0.00        25829.90   
  82       2020793      1        2        1108999      0.27   43       0        45944       25790.67    0.00        25790.67   
  83       2102471      1        12       235306       0.06   10       0        45784       23530.60    0.00        23530.60   
  84       2020782      1        2        1089705      0.26   42       0        45767       25945.36    0.00        25945.36   
  85       2020776      1        2        1155713      0.28   44       0        45454       26266.20    0.00        26266.20   
  86       2020214      1        1        441137       0.11   39       0        45364       11311.21    0.00        11311.21   
  87       2020608      1        4        910970       0.22   33       0        45344       27605.15    0.00        27605.15   
  88       2020768      1        2        1035186      0.25   39       0        45284       26543.23    0.00        26543.23   
  89       2020790      1        2        928448       0.22   35       0        44767       26527.09    0.00        26527.09   
  90       2102466      1        9        250276       0.06   8        4        44598       31284.50    43190.25    19378.75   
  91       2008306      1        3        2523415      0.60   825      0        44460       3058.68     0.00        3058.68    
  92       2020778      1        2        827863       0.20   32       0        44439       25870.72    0.00        25870.72   
  93       2020607      1        3        835738       0.20   30       0        44138       27857.93    0.00        27857.93   
  94       2020763      1        2        746957       0.18   27       0        44093       27665.07    0.00        27665.07   
  95       2020785      1        3        704741       0.17   27       0        44040       26101.52    0.00        26101.52   
  96       2018166      1        3        1156736      0.28   44       0        43940       26289.45    0.00        26289.45   
  97       2805141      1        4        23437819     5.62   4031     0        43856       5814.39     0.00        5814.39    
  98       2020692      1        1        1358015      0.33   51       0        43732       26627.75    0.00        26627.75   
  99       2020794      1        2        1179146      0.28   44       0        43719       26798.77    0.00        26798.77   
  100      2015986      1        5        5593353      1.34   1969     0        43285       2840.71     0.00        2840.71    
  101      2020788      1        2        963446       0.23   37       0        42734       26039.08    0.00        26039.08   
  102      2016922      1        12       1120106      0.27   41       0        42329       27319.66    0.00        27319.66   
  103      2020781      1        5        709338       0.17   27       0        42223       26271.78    0.00        26271.78   
  104      2018077      1        5        1193344      0.29   45       0        41856       26518.76    0.00        26518.76   
  105      2020612      1        3        858153       0.21   33       0        41678       26004.64    0.00        26004.64   
  106      2102472      1        11       225613       0.05   8        0        41213       28201.62    0.00        28201.62   
  107      2020586      1        3        997265       0.24   37       0        41028       26953.11    0.00        26953.11   
  108      2017934      1        4        846402       0.20   39       0        40857       21702.62    0.00        21702.62   
  109      2020775      1        2        806320       0.19   30       0        40519       26877.33    0.00        26877.33   
  110      2807546      1        6        1967921      0.47   674      0        40437       2919.76     0.00        2919.76    
  111      2020691      1        1        779266       0.19   29       0        40335       26871.24    0.00        26871.24   
  112      2020694      1        1        827883       0.20   32       0        40170       25871.34    0.00        25871.34   
  113      2020780      1        2        1144376      0.27   44       0        40160       26008.55    0.00        26008.55   
  114      2020798      1        2        882080       0.21   33       0        40059       26729.70    0.00        26729.70   
  115      2020696      1        1        1127308      0.27   43       0        40012       26216.47    0.00        26216.47   
  116      2020792      1        2        814267       0.20   30       0        39827       27142.23    0.00        27142.23   
  117      2017944      1        5        1043232      0.25   60       0        39823       17387.20    0.00        17387.20   
  118      2020610      1        3        657907       0.16   25       0        39744       26316.28    0.00        26316.28   
  119      2021065      1        2        857586       0.21   34       0        39722       25223.12    0.00        25223.12   
  120      2020800      1        2        758691       0.18   28       0        39499       27096.11    0.00        27096.11   
  121      2020606      1        4        796286       0.19   31       0        39426       25686.65    0.00        25686.65   
  122      2025090      1        1        225739       0.05   8        4        39090       28217.38    35368.00    21066.75   
  123      2020772      1        2        1153429      0.28   44       0        39087       26214.30    0.00        26214.30   
  124      2020695      1        1        965454       0.23   37       0        38792       26093.35    0.00        26093.35   
  125      2017913      1        3        11

This file has been truncated.


keyword_perf.log - (6077 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 15:29:51
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            19119           6               6               3800            3186.00         3186.00         0.00           
  flow             2192087         684             684             53238           3204.00         3204.00         0.00           
  threshold        87029           14              0               37300           6216.00         0.00            6216.00        
  content          114456948       28038           15685           91693           4082.00         4806.00         3161.00        
  pcre             4800495         1098            660             47285           4372.00         3865.00         5135.00        
  byte_test        11014307        3705            2377            68821           2972.00         3015.00         2896.00        
  byte_jump        14458490        4782            1172            61819           3023.00         2986.00         3035.00        
  flowbits         92295           13              13              53678           7099.00         7099.00         0.00           
  byte_extract     373135          101             101             19864           3694.00         3694.00         0.00           
  dce_iface        5609838         1965            0               36138           2854.00         0.00            2854.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            19119           6               6               3800            3186.00         3186.00         0.00           
  flow             2192087         684             684             53238           3204.00         3204.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          114456948       28038           15685           91693           4082.00         4806.00         3161.00        
  pcre             4800495         1098            660             47285           4372.00         3865.00         5135.00        
  byte_test        11014307        3705            2377            68821           2972.00         3015.00         2896.00        
  byte_jump        14458490        4782            1172            61819           3023.00         2986.00         3035.00        
  byte_extract     373135          101             101             19864           3694.00         3694.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         92295           13              13              53678           7099.00         7099.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        87029           14              0               37300           6216.00         0.00            6216.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        5609838         1965            0               36138           2854.00         0.00            2854.00        


IDSDeathBlossom.py.log - (1144 bytes)
2019-05-06 15:29:28,350 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 15:29:29,065 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 15:29:29,065 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-06 15:29:29,066 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 15:29:29,066 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 15:29:29,066 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a34a3717d9ed8f0cad94b44a9aca4ee756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1529-3333.pcap -vvv -k none
2019-05-06 15:29:51,315 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 15:29:51,316 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.9737930298