Filename: 47d9534d-8447-4d6b-b832-368a5b986a94.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.7118840218 seconds
Hash: a48827fb10dc44191437e6253df6f4b2
Uploaded: 1549279993

Logfiles


packet_stats.log (17264 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          4030           131809      371125273     283783371       1143.6b   97.09
 IPv4      17            31         10028351      312350792     152862646          4.7b    0.40
 IPv6      17            64         11119998      373103363     305957251         19.6b    1.66
 IPv6      58            31        277070557      372451062     319919160          9.9b    0.84
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          4030            68858       11270648        119042        479.7m   81.72
TMM_FLOWWORKER              IPv4      17            31           118780        5229822        435319         13.5m    2.30
TMM_RECEIVEPCAPFILE         IPv4       6          4024             2540       15830682          6889         27.7m    4.72
TMM_RECEIVEPCAPFILE         IPv4      17            31             2551           9891          3153         97.8k    0.02
TMM_DECODEPCAPFILE          IPv4       6          4024             2651       19198427         13127         52.8m    9.00
TMM_DECODEPCAPFILE          IPv4      17            31             2680          42971          4197        130.1k    0.02
TMM_FLOWWORKER              IPv6      17            64           109111         306711        158143         10.1m    1.72
TMM_FLOWWORKER              IPv6      58            31            66198         100097         74426          2.3m    0.39
TMM_RECEIVEPCAPFILE         IPv6      17            64             2559           3421          2717        174.0k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58            31             2556           3095          2674         82.9k    0.01
TMM_DECODEPCAPFILE          IPv6      17            64             2709          14472          3340        213.8k    0.04
TMM_DECODEPCAPFILE          IPv6      58            31             2707          13433          3706        114.9k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          4024             2665        6861365          4889         19.7m  4.56  
flow                    IPv4      17            31             2825          22926          4288        132.9k  0.03  
stream                  IPv4       6          4030             2671         592302          6398         25.8m  5.97  
app-layer               IPv4      17            31             2532          39776          6109        189.4k  0.04  
detect                  IPv4       6          4030            45143       11235544         86579        348.9m  80.82 
detect                  IPv4      17            31           102472        5207687        406829         12.6m  2.92  
tcp-prune               IPv4       6          4030             2540          48972          3234         13.0m  3.02  
flow                    IPv6      17            64             2823          17954          3864        247.4k  0.06  
flow                    IPv6      58            31             2826           5573          3126         96.9k  0.02  
app-layer               IPv6      17            64             2525          29417          4698        300.7k  0.07  
detect                  IPv6      17            64            91960         285984        138035          8.8m  2.05  
detect                  IPv6      58            31            55325          88906         61661          1.9m  0.44  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            29560          31691         30625         61.3k  43.13 
tls                     IPv4       6             5             2803          13678          5089         25.4k  17.92 
dns                     IPv4      17             2            10040          13296         11668         23.3k  16.43 
tls                     IPv6      17            11             2908           2908          2908         32.0k  22.52 
Proto detect            IPv4      17             6             2840          26551         11828         71.0k
Proto detect            IPv6      17            15             2769           7325          3645         54.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2            74020         107058         90539        181.1k  11.39 
LOGGER_JSON_HTTP            IPv4       6             1           134036         134036        134036        134.0k  8.43  
LOGGER_JSON_TLS             IPv4       6             5           124140         433664        195094        975.5k  61.37 
LOGGER_JSON_FILE            IPv4       6             1           299026         299026        299026        299.0k  18.81 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           107             2595        6798888        116403        12.5m  54.03 
payload                           IPv4      17            31             3341          65654         16829       521.7k  2.26  
stream                            IPv4       6           107             2540         643403         44741         4.8m  20.77 
http_uri                          IPv4       6             1            25937          25937         25937        25.9k  0.11  
http_request_line                 IPv4       6             1            14059          14059         14059        14.1k  0.06  
http_client_body                  IPv4       6             1            14468          14468         14468        14.5k  0.06  
http_header (request)             IPv4       6             1            82137          82137         82137        82.1k  0.36  
http_header (request trailer)     IPv4       6             1             2820           2820          2820         2.8k  0.01  
http_header_names (request)       IPv4       6             1            23788          23788         23788        23.8k  0.10  
http_accept (request)             IPv4       6             1             4302           4302          4302         4.3k  0.02  
http_referer (request)            IPv4       6             1             3430           3430          3430         3.4k  0.01  
http_content_len (request)        IPv4       6             1             3505           3505          3505         3.5k  0.02  
http_content_type (request)       IPv4       6             1             3433           3433          3433         3.4k  0.01  
http_protocol (request)           IPv4       6             1             5684           5684          5684         5.7k  0.02  
http_start (request)              IPv4       6             1            14066          14066         14066        14.1k  0.06  
http_raw_header (request)         IPv4       6             1            21795          21795         21795        21.8k  0.09  
http_method                       IPv4       6             1             6396           6396          6396         6.4k  0.03  
http_cookie (request)             IPv4       6             1             3867           3867          3867         3.9k  0.02  
http_raw_uri                      IPv4       6             1             6551           6551          6551         6.6k  0.03  
http_user_agent                   IPv4       6             1            15910          15910         15910        15.9k  0.07  
http_host                         IPv4       6             1            11574          11574         11574        11.6k  0.05  
dns_query                         IPv4      17             1            14925          14925         14925        14.9k  0.06  
tls_sni                           IPv4       6             5             3043           3509          3281        16.4k  0.07  
http_response_line                IPv4       6             1            10692          10692         10692        10.7k  0.05  
http_header (response)            IPv4       6             1            58386          58386         58386        58.4k  0.25  
http_header (response trailer)    IPv4       6             1             8856           8856          8856         8.9k  0.04  
http_content_type (response)      IPv4       6             1            10225          10225         10225        10.2k  0.04  
http_raw_header (response)        IPv4       6            47             4590          14187          5289       248.6k  1.08  
http_cookie (response)            IPv4       6             1             3840           3840          3840         3.8k  0.02  
http_stat_code                    IPv4       6             1             5574           5574          5574         5.6k  0.02  
tls_cert_issuer                   IPv4       6             5             8268           8964          8616        43.1k  0.19  
tls_cert_subject                  IPv4       6             5             9027          11023          9591        48.0k  0.21  
tls_cert_serial                   IPv4       6             5             5736           6848          6213        31.1k  0.13  
file_data (http response)         IPv4       6            46             2578        1224090         85456         3.9m  17.05 
Total                             IPv4                   383                                         58638        22.5m
payload                           IPv6      17            64             3174          40666          7371       471.8k  2.05  
payload                           IPv6      58            31             2704           9913          3935       122.0k  0.53  
Total                             IPv6                    95                                          6250       593.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            12            17282          81237         47112        565.3k  0.17  
PROF_DETECT_IPONLY          IPv4      17             6            38053         174009         80890        485.3k  0.15  
PROF_DETECT_RULES           IPv4       6          4030             2529        8726616          9884         39.8m  11.93 
PROF_DETECT_RULES           IPv4      17            31            44775         325307        135822          4.2m  1.26  
PROF_DETECT_STATEFUL_START    IPv4       6            32             5109        1203931         93231          3.0m  0.89  
PROF_DETECT_STATEFUL_CONT    IPv4       6          4030             2524         112760          6272         25.3m  7.57  
PROF_DETECT_STATEFUL_CONT    IPv4      17            31             2516           6303          3004         93.1k  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          4006             2551        4714408          4570         18.3m  5.48  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2678           2986          2832          5.7k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          4030             8007        7800768         23368         94.2m  28.21 
PROF_DETECT_PREFILTER       IPv4      17            31            24083        5085401        204981          6.4m  1.90  
PROF_DETECT_PF_PAYLOAD      IPv4       6           107            17937        6810918        169403         18.1m  5.43  
PROF_DETECT_PF_PAYLOAD      IPv4      17            31             8491          70784         22130        686.0k  0.21  
PROF_DETECT_PF_TX           IPv4       6          4006             2569        7747863          6173         24.7m  7.41  
PROF_DETECT_PF_TX           IPv4      17             1            20743          20743         20743         20.7k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6            80             2548          17531          3312        265.0k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17            31             2621        5056908        166810          5.2m  1.55  
PROF_DETECT_PF_SORT2        IPv4       6          4030             2518        2741400          3449         13.9m  4.16  
PROF_DETECT_PF_SORT2        IPv4      17            31             2549          14099          3668        113.7k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6          4030             2551       11159203          5735         23.1m  6.92  
PROF_DETECT_NONMPMLIST      IPv4      17            31             2519         291650         12247        379.7k  0.11  
PROF_DETECT_ALERT           IPv4       6          4030             2524          33808          2725         11.0m  3.29  
PROF_DETECT_ALERT           IPv4      17            31             2535          11576          3032         94.0k  0.03  
PROF_DETECT_CLEANUP         IPv4       6          4030             2563         102167          2864         11.5m  3.46  
PROF_DETECT_CLEANUP         IPv4      17            31             2525           6192          2950         91.5k  0.03  
PROF_DETECT_GETSGH          IPv4       6          4030             2523       10009548          5455         22.0m  6.59  
PROF_DETECT_GETSGH          IPv4      17            31             2533          50721          4878        151.2k  0.05  
PROF_DETECT_IPONLY          IPv6      17            15             2958          11814          4227         63.4k  0.02  
PROF_DETECT_IPONLY          IPv6      58             1             9696           9696          9696          9.7k  0.00  
PROF_DETECT_RULES           IPv6      17            64            33505         168939         67592          4.3m  1.30  
PROF_DETECT_RULES           IPv6      58            31             2535          10145          3610        111.9k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv6      17            64             2520           3548          2794        178.8k  0.05  
PROF_DETECT_STATEFUL_CONT    IPv6      58            31             2737           3590          2834         87.9k  0.03  
PROF_DETECT_PREFILTER       IPv6      17            64            23986          80837         30786          2.0m  0.59  
PROF_DETECT_PREFILTER       IPv6      58            31            18431          44675         21548        668.0k  0.20  
PROF_DETECT_PF_PAYLOAD      IPv6      17            64             8324          45767         12660        810.3k  0.24  
PROF_DETECT_PF_PAYLOAD      IPv6      58            31             7806          33832          9885        306.5k  0.09  
PROF_DETECT_PF_SORT1        IPv6      17            64             2612          17801          3462        221.6k  0.07  
PROF_DETECT_PF_SORT2        IPv6      17            64             2551          19489          3049        195.2k  0.06  
PROF_DETECT_PF_SORT2        IPv6      58            31             2523           3483          2663         82.6k  0.02  
PROF_DETECT_NONMPMLIST      IPv6      17            64             2533          18109          3087    

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-02-04-T-11-33-36-02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap.txt (26453 bytes)
  --------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:33:36. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2801930      1        7        1572688      10.05  1        0        1572688     1572688.00  0.00        1572688.00 
  2        2820157      1        2        321255       2.05   1        0        321255      321255.00   0.00        321255.00  
  3        2820158      1        2        319864       2.04   1        0        319864      319864.00   0.00        319864.00  
  4        2819664      1        2        696666       4.45   4        0        272961      174166.50   0.00        174166.50  
  5        2819930      1        2        680539       4.35   4        0        270247      170134.75   0.00        170134.75  
  6        2020865      1        3        469766       3.00   4        0        164919      117441.50   0.00        117441.50  
  7        2802205      1        3        208802       1.33   28       0        131605      7457.21     0.00        7457.21    
  8        2803657      1        5        198637       1.27   2        0        111759      99318.50    0.00        99318.50   
  9        2804927      1        2        101728       0.65   1        0        101728      101728.00   0.00        101728.00  
  10       2018005      1        6        293660       1.88   5        0        100221      58732.00    0.00        58732.00   
  11       2023476      1        5        424421       2.71   5        0        99591       84884.20    0.00        84884.20   
  12       2805348      1        4        650771       4.16   12       0        89918       54230.92    0.00        54230.92   
  13       2822213      1        2        279966       1.79   5        0        70347       55993.20    0.00        55993.20   
  14       2801929      1        7        68518        0.44   1        0        68518       68518.00    0.00        68518.00   
  15       2814978      1        2        325592       2.08   5        0        66361       65118.40    0.00        65118.40   
  16       2814979      1        2        306235       1.96   5        0        64224       61247.00    0.00        61247.00   
  17       2022535      1        11       251264       1.61   5        0        62641       50252.80    0.00        50252.80   
  18       2022627      1        12       273286       1.75   5        0        60163       54657.20    0.00        54657.20   
  19       2023818      1        2        58882        0.38   1        1        58882       58882.00    58882.00    0.00       
  20       2016537      1        2        318115       2.03   19       0        57887       16742.89    0.00        16742.89   
  21       2802987      1        5        51994        0.33   1        0        51994       51994.00    0.00        51994.00   
  22       2821014      1        13       51097        0.33   1        0        51097       51097.00    0.00        51097.00   
  23       2815664      1        3        50744        0.32   1        0        50744       50744.00    0.00        50744.00   
  24       2024771      1        1        266178       1.70   47       0        49630       5663.36     0.00        5663.36    
  25       2828823      1        2        164010       1.05   5        0        39429       32802.00    0.00        32802.00   
  26       2019832      1        4        185021       1.18   5        0        39131       37004.20    0.00        37004.20   
  27       2020613      1        3        38035        0.24   1        0        38035       38035.00    0.00        38035.00   
  28       2828748      1        2        44150        0.28   3        0        37746       14716.67    0.00        14716.67   
  29       2816356      1        2        36357        0.23   1        0        36357       36357.00    0.00        36357.00   
  30       2824636      1        2        114914       0.73   5        0        36278       22982.80    0.00        22982.80   
  31       2809850      1        2        30539        0.20   1        0        30539       30539.00    0.00        30539.00   
  32       2020785      1        3        29226        0.19   1        0        29226       29226.00    0.00        29226.00   
  33       2821615      1        2        29077        0.19   1        0        29077       29077.00    0.00        29077.00   
  34       2807878      1        2        28149        0.18   1        0        28149       28149.00    0.00        28149.00   
  35       2020698      1        2        28111        0.18   1        0        28111       28111.00    0.00        28111.00   
  36       2010140      1        7        322428       2.06   92       0        27780       3504.65     0.00        3504.65    
  37       2020766      1        2        27384        0.17   1        0        27384       27384.00    0.00        27384.00   
  38       2018057      1        4        26400        0.17   1        0        26400       26400.00    0.00        26400.00   
  39       2020800      1        2        25790        0.16   1        0        25790       25790.00    0.00        25790.00   
  40       2020798      1        2        25588        0.16   1        0        25588       25588.00    0.00        25588.00   
  41       2018880      1        2        25127        0.16   1        0        25127       25127.00    0.00        25127.00   
  42       2020790      1        2        24971        0.16   1        0        24971       24971.00    0.00        24971.00   
  43       2020695      1        1        24926        0.16   1        0        24926       24926.00    0.00        24926.00   
  44       2020770      1        2        24919        0.16   1        0        24919       24919.00    0.00        24919.00   
  45       2020692      1        1        24890        0.16   1        0        24890       24890.00    0.00        24890.00   
  46       2022552      1        2        69897        0.45   3        0        24773       23299.00    0.00        23299.00   
  47       2007880      1        7        23880        0.15   1        0        23880       23880.00    0.00        23880.00   
  48       2806802      1        2        107897       0.69   5        0        23838       21579.40    0.00        21579.40   
  49       2827279      1        5        23832        0.15   1        0        23832       23832.00    0.00        23832.00   
  50       2017552      1        6        278647       1.78   20       0        23699       13932.35    0.00        13932.35   
  51       2012612      1        16       23453        0.15   1        0        23453       23453.00    0.00        23453.00   
  52       2024909      1        2        44645        0.29   2        0        23261       22322.50    0.00        22322.50   
  53       2816165      1        5        22902        0.15   1        0        22902       22902.00    0.00        22902.00   
  54       2829625      1        2        22893        0.15   1        0        22893       22893.00    0.00        22893.00   
  55       2022502      1        4        22888        0.15   1        0        22888       22888.00    0.00        22888.00   
  56       2810481      1        4        84921        0.54   4        0        22887       21230.25    0.00        21230.25   
  57       2018667      1        3        22718        0.15   1        0        22718       22718.00    0.00        22718.00   
  58       2826256      1        2        22656        0.14   1        0        22656       22656.00    0.00        22656.00   
  59       2012707      1        5        22581        0.14   1        0        22581       22581.00    0.00        22581.00   
  60       2014701      1        12       25091        0.16   2        0        22449       12545.50    0.00        12545.50   
  61       2830036      1        1        22300        0.14   1        0        22300       22300.00    0.00        22300.00   
  62       2020787      1        2        21995        0.14   1        0        21995       21995.00    0.00        21995.00   
  63       2828008      1        2        21690        0.14   1        0        21690       21690.00    0.00        21690.00   
  64       2806659      1        4        21458        0.14   1        0        21458       21458.00    0.00        21458.00   
  65       2009702      1        5        23963        0.15   2        0        21397       11981.50    0.00        11981.50   
  66       2014519      1        7        21117        0.13   1        0        21117       21117.00    0.00        21117.00   
  67       2023612      1        4        71573        0.46   19       0        20272       3767.00     0.00        3767.00    
  68       2008120      1        4        267778       1.71   93       0        20122       2879.33     0.00        2879.33    
  69       2023627      1        3        139499       0.89   42       0        19421       3321.40     0.00        3321.40    
  70       2024778      1        1        30203        0.19   4        0        19128       7550.75     0.00        7550.75    
  71       2020786      1        4        19091        0.12   1        0        19091       19091.00    0.00        19091.00   
  72       2016948      1        2        51891        0.33   3        0        18490       17297.00    0.00        17297.00   
  73       2017915      1        2        18029        0.12   1        0        18029       18029.00    0.00        18029.00   
  74       2016143      1        3        95091        0.61   6        0        17651       15848.50    0.00        15848.50   
  75       2802822      1        1        103697       0.66   30       0        16873       3456.57     0.00        3456.57    
  76       2019017      1        3        61210        0.39   16       0        16676       3825.62     0.00        3825.62    
  77       2024650      1        1        73595        0.47   5        0        16249       14719.00    0.00        14719.00   
  78       2803760      1        3        16233        0.10   1        0        16233       16233.00    0.00        16233.00   
  79       2022543      1        1        16065        0.10   1        0        16065       16065.00    0.00        16065.00   
  80       2826281      1        2        16044        0.10   1        0        16044       16044.00    0.00        16044.00   
  81       2018375      1        3        31447        0.20   2        0        15892       15723.50    0.00        15723.50   
  82       2819694      1        2        15854        0.10   1        0        15854       15854.00    0.00        15854.00   
  83       2807531      1        3        27325        0.17   2        0        15661       13662.50    0.00        13662.50   
  84       2023624      1        3        175199       1.12   59       0        15386       2969.47     0.00        2969.47    
  85       2017748      1        6        58941        0.38   4        0        15372       14735.25    0.00        14735.25   
  86       2014473      1        5        59255        0.38   4        0        15365       14813.75    0.00        14813.75   
  87       2008117      1        3        96652        0.62   30       0        15200       3221.73     0.00        3221.73    
  88       2100518      1        8        93169        0.60   28       0        14859       3327.46     0.00        3327.46    
  89       2014703      1        9        17445        0.11   2        0        14790       8722.50     0.00        8722.50    
  90       2019230      1        2        17990        0.11   2        0        14737       8995.00     0.00        8995.00    
  91       2811544      1        1        17990        0.11   2        0        14669       8995.00     0.00        8995.00    
  92       2811542      1        1        14663        0.09   1        0        14663       14663.00    0.00        14663.00   
  93       2019345      1        2        14605        0.09   1        0        14605       14605.00    0.00        14605.00   
  94       2811577      1        2        17715        0.11   2        0        14240       8857.50     0.00        8857.50    
  95       2014702      1        9        16793        0.11   2        0        14188       8396.50     0.00        8396.50    
  96       2023349      1        2        10970        0.07   1        0        10970       10970.00    0.00        10970.00   
  97       2001263      1        5        10562        0.07   1        0        10562       10562.00    0.00        10562.00   
  98       2006447      1        13       5287         0.03   1        0        5287        5287.00     0.00        5287.00    
  99       2018789      1        3        22960        0.15   5        0        4937        4592.00     0.00        4592.00    
  100      2008118      1        3        50746        0.32   17       0        4765        2985.06     0.00        2985.06    
  101      2008116      1        4        84676        0.54   28       0        4593        3024.14     0.00        3024.14    
  102      2018382      1        8        8149         0.05   2        0        4495        4074.50     0.00        4074.50    
  103      2009984      1        2        7692         0.05   2        0        4439        3846.00     0.00        3846.00    
  104      2022547      1        1        62887        0.40   20       0        4374        3144.35     0.00        3144.35    
  105      2001330      1        8        210323       1.34   74       0        4294        2842.20     0.00        2842.20    
  106      2017548      1        6        8300         0.05   2        0        4237        4150.00     0.00        4150.00    
  107      2828876      1        1        114329       0.73   38       0        4203        3008.66     0.00        3008.66    
  108      2009387      1        4        36483        0.23   10       0        4203        3648.30     0.00        3648.30    
  109      2024777      1        2        48017        0.31   15       0        4200        3201.13     0.00        3201.13    
  110      2806561      1        5        17361        0.11   5        0        4181        3472.20     0.00        3472.20    
  111      2102190      1        5        90055        0.58   29       0        4108        3105.34     0.00        3105.34    
  112      2018373      1        3        7550         0.05   2        0        4104        3775.00     0.00        3775.00    
  113      2023614      1        3        28022        0.18   9        0        4085        3113.56     0.00        3113.56    
  114      2023621      1        4        29375        0.19   10       0        4002        2937.50     0.00        2937.50    
  115      2103158      1        6        62103        0.40   21       0        3995        2957.29     0.00        2957.29    
  116      2103238      1        4        32311        0.21   10       0        3989        3231.10     0.00        3231.10    
  117      2019012      1        3        7019         0.04   2        0        3987        3509.50     0.00        3509.50    
  118      2010143      1        3        250963       1.60   92       0        3986        2727.86     0.00        2727.86    
  119      2023622      1        3        180585       1.15   67       0        3975        2695.30     0.00        2695.30    
  120      2816382      1        1        9697         0.06   3        0        3934        3232.33     0.00        3232.33    
  121      2019011      1        3        80991        0.52   28       0        3927        2892.54     0.00        2892.54    
  122      2025200      1        1        6539         0.04   2        0        3922        3269.50     0.00        3269.50    
  123      2811034      1        1        16289        0.10   5        0        3898        3257.80     0.00        3257.80    
  124      2022132      1        1        7514         0.05   2        0        3864        3757.00     0.00        3757.00    
  125      2013739      1        15       25

This file has been truncated.


stats.log - (3446 bytes)
------------------------------------------------------------------------------------
Date: 2/4/2019 -- 11:33:36 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 4331
decoder.bytes                              | Total                     | 3066749
decoder.ipv4                               | Total                     | 4055
decoder.ipv6                               | Total                     | 95
decoder.ethernet                           | Total                     | 4331
decoder.tcp                                | Total                     | 4024
decoder.udp                                | Total                     | 95
decoder.icmpv6                             | Total                     | 31
decoder.avg_pkt_size                       | Total                     | 708
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 20
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 3
tcp.overlap                                | Total                     | 2
tcp.insert_list_fail                       | Total                     | 1
detect.nonmpm_list                         | Total                     | 3
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 19
flow_mgr.new_pruned                        | Total                     | 17
flow.spare                                 | Total                     | 10013
flow_mgr.flows_checked                     | Total                     | 22
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.flows_timeout                     | Total                     | 17
flow_mgr.flows_timeout_inuse               | Total                     | 4
flow_mgr.flows_removed                     | Total                     | 13
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65511
flow_mgr.rows_empty                        | Total                     | 3
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7080928


eve.json - (4988 bytes)
{"timestamp":"2019-02-01T09:16:30.781419+0000","flow_id":647241076238404,"pcap_cnt":25,"event_type":"tls","src_ip":"192.168.100.26","src_port":49202,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:16:30.954690+0000","flow_id":1969208387604802,"pcap_cnt":28,"event_type":"dns","src_ip":"192.168.100.26","src_port":52614,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29393,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":1969208387604802,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":2843,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":1969208387604802,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":69,"rdata":"download.windowsupdate.com.edgesuite.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":1969208387604802,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"download.windowsupdate.com.edgesuite.net","rrtype":"CNAME","ttl":222,"rdata":"a767.dspw65.akamai.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":1969208387604802,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.56"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":1969208387604802,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.81"}}
{"timestamp":"2019-02-01T09:16:31.073163+0000","flow_id":1300093285105531,"pcap_cnt":104,"event_type":"http","src_ip":"192.168.100.26","src_port":49206,"dest_ip":"2.16.186.56","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-02-01T09:17:32.040762+0000","flow_id":758478585715537,"pcap_cnt":885,"event_type":"tls","src_ip":"192.168.100.26","src_port":50098,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:18:32.962990+0000","flow_id":937005347810957,"pcap_cnt":1715,"event_type":"tls","src_ip":"192.168.100.26","src_port":51021,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:19:33.846837+0000","flow_id":231524761200646,"pcap_cnt":2491,"event_type":"tls","src_ip":"192.168.100.26","src_port":51936,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:20:34.671515+0000","flow_id":290015777274391,"pcap_cnt":3298,"event_type":"tls","src_ip":"192.168.100.26","src_port":52848,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:21:26.741146+0000","flow_id":1300093285105531,"event_type":"fileinfo","src_ip":"2.16.186.56","src_port":80,"dest_ip":"192.168.100.26","dest_port":49206,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":56560},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":56560,"tx_id":0}}


keyword_perf.log - (10709 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:33:36
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             414025          117             117             23679           3538.00         3538.00         0.00           
  content          2950425         393             180             143398          7507.00         11231.00        4360.00        
  pcre             252986          46              22              35596           5499.00         4205.00         6686.00        
  byte_test        215510          65              46              10327           3315.00         3384.00         3148.00        
  byte_jump        94821           27              13              8530            3511.00         3749.00         3291.00        
  isdataat         2817            1               0               2817            2817.00         0.00            2817.00        
  flowbits         86070           25              1               11390           3442.00         11390.00        3111.00        
  urilen           9379            3               1               3377            3126.00         2965.00         3207.00        
  byte_extract     62918           20              20              8935            3145.00         3145.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             414025          117             117             23679           3538.00         3538.00         0.00           
  flowbits         74680           24              0               4687            3111.00         0.00            3111.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1370287         320             153             31619           4282.00         4966.00         3655.00        
  pcre             162949          31              21              35596           5256.00         3778.00         8360.00        
  byte_test        215510          65              46              10327           3315.00         3384.00         3148.00        
  byte_jump        91058           26              12              8530            3502.00         3748.00         3291.00        
  isdataat         2817            1               0               2817            2817.00         0.00            2817.00        
  byte_extract     62918           20              20              8935            3145.00         3145.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         11390           1               1               11390           11390.00        11390.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15013           4               1               4474            3753.00         4474.00         3513.00        
  urilen           9379            3               1               3377            3126.00         2965.00         3207.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3220            1               0               3220            3220.00         0.00            3220.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1464297         44              18              143398          33279.00        67752.00        9413.00        
  pcre             63950           13              0               12376           4919.00         0.00            4919.00        
  byte_jump        3763            1               1               3763            3763.00         3763.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          58298           13              7               7430            4484.00         4863.00         4042.00        
  pcre             26087           2               1               13172           13043.00        13172.00        12915.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16013           4               0               4865            4003.00         0.00            4003.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3006            1               0               3006            3006.00         0.00            3006.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3859            1               1               3859            3859.00         3859.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16432           5               0               3536            3286.00         0.00            3286.00        


suricata-report-2019-02-04-T-11-33-36-02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap.txt - (17603 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a48827fb10dc44191437e6253df6f4b256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap -vvv -k none
elapsedtime:21.805454
stderr:
stdout:
4/2/2019 -- 11:33:14 - <Info> - Configuration node 'rule-files' redefined.
4/2/2019 -- 11:33:14 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/2/2019 -- 11:33:14 - <Info> - CPUs/cores online: 1
4/2/2019 -- 11:33:14 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32029 and 'request-body-inspect-window' set to 16785 after randomization.
4/2/2019 -- 11:33:14 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33265 and 'response-body-inspect-window' set to 15584 after randomization.
4/2/2019 -- 11:33:14 - <Config> - DNS request flood protection level: 500
4/2/2019 -- 11:33:14 - <Config> - DNS per flow memcap (state-memcap): 524288
4/2/2019 -- 11:33:14 - <Config> - DNS global memcap: 16777216
4/2/2019 -- 11:33:14 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/2/2019 -- 11:33:14 - <Config> - preallocated 1000 hosts of size 136
4/2/2019 -- 11:33:14 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 11:33:14 - <Config> - using magic-file /usr/share/file/magic
4/2/2019 -- 11:33:14 - <Config> - Core dump size is unlimited.
4/2/2019 -- 11:33:14 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/2/2019 -- 11:33:14 - <Config> - preallocated 1000 defrag trackers of size 168
4/2/2019 -- 11:33:14 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/2/2019 -- 11:33:14 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/2/2019 -- 11:33:14 - <Config> - stream "memcap": 33554432
4/2/2019 -- 11:33:14 - <Config> - stream "midstream" session pickups: disabled
4/2/2019 -- 11:33:14 - <Config> - stream "async-oneside": disabled
4/2/2019 -- 11:33:14 - <Config> - stream "checksum-validation": disabled
4/2/2019 -- 11:33:14 - <Config> - stream."inline": disabled
4/2/2019 -- 11:33:14 - <Config> - stream "bypass": disabled
4/2/2019 -- 11:33:14 - <Config> - stream "max-synack-queued": 5
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly "memcap": 134217728
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly "depth": 0
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly "toserver-chunk-size": 2516
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly "toclient-chunk-size": 2441
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly.raw: enabled
4/2/2019 -- 11:33:14 - <Config> - stream.reassembly "segment-prealloc": 2048
4/2/2019 -- 11:33:14 - <Config> - Delayed detect disabled
4/2/2019 -- 11:33:14 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/2/2019 -- 11:33:14 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/2/2019 -- 11:33:14 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/2/2019 -- 11:33:14 - <Config> - prefilter engines: MPM
4/2/2019 -- 11:33:14 - <Config> - IP reputation disabled
4/2/2019 -- 11:33:14 - <Perf> - Registered 148 keyword profiling counters.
4/2/2019 -- 11:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
4/2/2019 -- 11:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
4/2/2019 -- 11:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
4/2/2019 -- 11:33:19 - <Config> - No rules loaded from ET-icmp.rules.
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
4/2/2019 -- 11:33:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
4/2/2019 -- 11:33:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
4/2/2019 -- 11:33:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
4/2/2019 -- 11:33:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
4/2/2019 -- 11:33:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
4/2/2019 -- 11:33:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
4/2/2019 -- 11:33:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
4/2/2019 -- 11:33:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
4/2/2019 -- 11:33:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
4/2/2019 -- 11:33:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
4/2/2019 -- 11:33:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
4/2/2019 -- 11:33:26 - <Config> - No rules loaded from local.rules.
4/2/2019 -- 11:33:26 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
4/2/2019 -- 11:33:26 - <Info> - Threshold config parsed: 0 rule(s) found
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tcp-packet
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tcp-stream
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for udp-packet
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for other-ip
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_uri
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_client_body
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_accept
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_accept_enc
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_accept_lang
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_referer
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_connection
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_method
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_raw_uri
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_user_agent
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_host
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_raw_host
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_stat_msg
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_stat_code
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for dns_query
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tls_sni
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:33:27 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:33:27 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
4/2/2019 -- 11:33:27 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/2/2019 -- 11:33:27 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/2/2019 -- 11:33:27 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/2/2019 -- 11:33:27 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/2/2019 -- 11:33:27 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
4/2/2019 -- 11:33:27 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/2/2019 -- 11:33:27 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/2/2019 -- 11:33:32 - <Perf> - Unique rule groups: 104
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
4/2/2019 -- 11:33:32 - <Perf> - Builtin MPM "other IP packet": 3
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_header": 10
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_header": 6
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_start": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_method": 5
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver http_host": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toserver file_data": 1
4/2/2019 -- 11:33:32 - <Perf> - AppLayer MPM "toclient file_data": 7
4/2/2019 -- 11:33:34 - <Perf> - Registered 39590 rule profiling counters.
4/2/2019 -- 11:33:34 - <Info> - fast output device (regular) initialized: alert
4/2/2019 -- 11:33:34 - <Info> - eve-log output device (regular) initialized: eve.json
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'alert'
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'http'
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'dns'
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'tls'
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'files'
4/2/2019 -- 11:33:34 - <Config> - enabling 'eve-log' module 'ssh'
4/2/2019 -- 11:33:34 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/2/2019 -- 11:33:34 - <Info> - stats output device (regular) initialized: stats.log
4/2/2019 -- 11:33:34 - <Config> - AutoFP mode using "Hash" flow load balancer
4/2/2019 -- 11:33:34 - <Info> - reading pcap file /var/pcap/02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap
4/2/2019 -- 11:33:34 - <Config> - using 1 flow manager threads
4/2/2019 -- 11:33:34 - <Config> - using 1 flow recycler threads
4/2/2019 -- 11:33:34 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-02-04 11:33:13,798 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-04 11:33:14,503 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-04 11:33:14,503 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-02-04 11:33:14,504 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-04 11:33:14,504 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-04 11:33:14,504 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a48827fb10dc44191437e6253df6f4b256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap -vvv -k none
2019-02-04 11:33:36,311 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-04 11:33:36,312 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.5237219334