Filename: 47d9534d-8447-4d6b-b832-368a5b986a94.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.58739805222 seconds
Hash: a48827fb10dc44191437e6253df6f4b2
Uploaded: 1549889706

Logfiles


suricata-4.0.0-etopen-all-perf.txt-2019-02-11-T-12-55-16-02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap.txt - (18134 bytes)
  --------------------------------------------------------------------------
  Date: 2/11/2019 -- 12:55:16. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020865      1        3        12046562     50.06  4        0        11634636    3011640.50  0.00        3011640.50 
  2        2010143      1        3        4168120      17.32  92       0        3884865     45305.65    0.00        45305.65   
  3        2023476      1        5        467207       1.94   5        0        119894      93441.40    0.00        93441.40   
  4        2019832      1        4        258835       1.08   5        0        103720      51767.00    0.00        51767.00   
  5        2023818      1        2        65058        0.27   1        1        65058       65058.00    65058.00    0.00       
  6        2022535      1        11       260678       1.08   5        0        62151       52135.60    0.00        52135.60   
  7        2022627      1        12       254532       1.06   5        0        60966       50906.40    0.00        50906.40   
  8        2018005      1        6        268872       1.12   5        0        58728       53774.40    0.00        53774.40   
  9        2020766      1        2        51301        0.21   1        0        51301       51301.00    0.00        51301.00   
  10       2024771      1        1        245904       1.02   47       0        47723       5232.00     0.00        5232.00    
  11       2016537      1        2        302567       1.26   19       0        35548       15924.58    0.00        15924.58   
  12       2019016      1        3        143877       0.60   28       0        34586       5138.46     0.00        5138.46    
  13       2023617      1        3        89947        0.37   19       0        33943       4734.05     0.00        4734.05    
  14       2020785      1        3        31431        0.13   1        0        31431       31431.00    0.00        31431.00   
  15       2012707      1        5        30667        0.13   1        0        30667       30667.00    0.00        30667.00   
  16       2020698      1        2        30426        0.13   1        0        30426       30426.00    0.00        30426.00   
  17       2020800      1        2        30361        0.13   1        0        30361       30361.00    0.00        30361.00   
  18       2010140      1        7        331314       1.38   92       0        29237       3601.24     0.00        3601.24    
  19       2018880      1        2        28054        0.12   1        0        28054       28054.00    0.00        28054.00   
  20       2020798      1        2        27449        0.11   1        0        27449       27449.00    0.00        27449.00   
  21       2018057      1        4        25981        0.11   1        0        25981       25981.00    0.00        25981.00   
  22       2020786      1        4        25439        0.11   1        0        25439       25439.00    0.00        25439.00   
  23       2020613      1        3        25376        0.11   1        0        25376       25376.00    0.00        25376.00   
  24       2009702      1        5        27819        0.12   2        0        25273       13909.50    0.00        13909.50   
  25       2020787      1        2        25070        0.10   1        0        25070       25070.00    0.00        25070.00   
  26       2022552      1        2        91876        0.38   4        0        25059       22969.00    0.00        22969.00   
  27       2020770      1        2        24618        0.10   1        0        24618       24618.00    0.00        24618.00   
  28       2020695      1        1        24256        0.10   1        0        24256       24256.00    0.00        24256.00   
  29       2020790      1        2        24243        0.10   1        0        24243       24243.00    0.00        24243.00   
  30       2020692      1        1        23710        0.10   1        0        23710       23710.00    0.00        23710.00   
  31       2014519      1        7        43710        0.18   2        0        23390       21855.00    0.00        21855.00   
  32       2017552      1        6        293100       1.22   20       0        23363       14655.00    0.00        14655.00   
  33       2012612      1        16       23272        0.10   1        0        23272       23272.00    0.00        23272.00   
  34       2007880      1        7        23230        0.10   1        0        23230       23230.00    0.00        23230.00   
  35       2022502      1        4        23000        0.10   1        0        23000       23000.00    0.00        23000.00   
  36       2010142      1        4        297729       1.24   92       0        22865       3236.18     0.00        3236.18    
  37       2014701      1        12       24993        0.10   2        0        22438       12496.50    0.00        12496.50   
  38       2024909      1        2        41084        0.17   2        0        22148       20542.00    0.00        20542.00   
  39       2016143      1        3        119794       0.50   7        0        21171       17113.43    0.00        17113.43   
  40       2018667      1        3        20914        0.09   1        0        20914       20914.00    0.00        20914.00   
  41       2017915      1        2        19894        0.08   1        0        19894       19894.00    0.00        19894.00   
  42       2016178      1        2        70367        0.29   17       0        18479       4139.24     0.00        4139.24    
  43       2016948      1        2        64497        0.27   4        0        17211       16124.25    0.00        16124.25   
  44       2017748      1        6        74814        0.31   5        0        17126       14962.80    0.00        14962.80   
  45       2018375      1        3        31199        0.13   2        0        16536       15599.50    0.00        15599.50   
  46       2100518      1        8        112288       0.47   28       0        16488       4010.29     0.00        4010.29    
  47       2024650      1        1        88473        0.37   6        0        16466       14745.50    0.00        14745.50   
  48       2014473      1        5        73601        0.31   5        0        16026       14720.20    0.00        14720.20   
  49       2023626      1        3        204366       0.85   63       0        15899       3243.90     0.00        3243.90    
  50       2022543      1        1        15413        0.06   1        0        15413       15413.00    0.00        15413.00   
  51       2019230      1        2        18515        0.08   2        0        15243       9257.50     0.00        9257.50    
  52       2014702      1        9        17242        0.07   2        0        14687       8621.00     0.00        8621.00    
  53       2014703      1        9        17095        0.07   2        0        14437       8547.50     0.00        8547.50    
  54       2019345      1        2        14352        0.06   1        0        14352       14352.00    0.00        14352.00   
  55       2001263      1        5        11904        0.05   1        0        11904       11904.00    0.00        11904.00   
  56       2023349      1        2        9964         0.04   1        0        9964        9964.00     0.00        9964.00    
  57       2018789      1        3        27548        0.11   5        0        5953        5509.60     0.00        5509.60    
  58       2018382      1        8        9710         0.04   2        0        5750        4855.00     0.00        4855.00    
  59       2009387      1        4        38729        0.16   10       0        5347        3872.90     0.00        3872.90    
  60       2023622      1        3        197266       0.82   67       0        5082        2944.27     0.00        2944.27    
  61       2023627      1        3        132557       0.55   42       0        4966        3156.12     0.00        3156.12    
  62       2019012      1        3        7872         0.03   2        0        4892        3936.00     0.00        3936.00    
  63       2016181      1        2        58499        0.24   17       0        4837        3441.12     0.00        3441.12    
  64       2001330      1        8        221182       0.92   74       0        4831        2988.95     0.00        2988.95    
  65       2019017      1        3        53030        0.22   16       0        4741        3314.38     0.00        3314.38    
  66       2019011      1        3        90726        0.38   28       0        4717        3240.21     0.00        3240.21    
  67       2008120      1        4        276321       1.15   93       0        4706        2971.19     0.00        2971.19    
  68       2008116      1        4        90675        0.38   28       0        4653        3238.39     0.00        3238.39    
  69       2102257      1        10       58285        0.24   17       0        4631        3428.53     0.00        3428.53    
  70       2102190      1        5        91853        0.38   29       0        4630        3167.34     0.00        3167.34    
  71       2103158      1        6        68840        0.29   21       0        4625        3278.10     0.00        3278.10    
  72       2017548      1        6        8093         0.03   2        0        4583        4046.50     0.00        4046.50    
  73       2023624      1        3        172661       0.72   59       0        4572        2926.46     0.00        2926.46    
  74       2015986      1        5        75110        0.31   23       0        4515        3265.65     0.00        3265.65    
  75       2016323      1        1        7428         0.03   2        0        4513        3714.00     0.00        3714.00    
  76       2008118      1        3        54548        0.23   17       0        4509        3208.71     0.00        3208.71    
  77       2024777      1        2        52269        0.22   15       0        4481        3484.60     0.00        3484.60    
  78       2102523      1        8        21424        0.09   6        0        4478        3570.67     0.00        3570.67    
  79       2019010      1        3        54145        0.22   16       0        4468        3384.06     0.00        3384.06    
  80       2019019      1        3        7928         0.03   2        0        4441        3964.00     0.00        3964.00    
  81       2100327      1        10       12283        0.05   3        0        4415        4094.33     0.00        4094.33    
  82       2019738      1        2        4413         0.02   1        0        4413        4413.00     0.00        4413.00    
  83       2103238      1        4        31441        0.13   10       0        4325        3144.10     0.00        3144.10    
  84       2023625      1        3        115245       0.48   39       0        4294        2955.00     0.00        2955.00    
  85       2016179      1        2        54278        0.23   17       0        4292        3192.82     0.00        3192.82    
  86       2008117      1        3        91649        0.38   30       0        4176        3054.97     0.00        3054.97    
  87       2017935      1        3        18715        0.08   5        0        4174        3743.00     0.00        3743.00    
  88       2006447      1        13       4112         0.02   1        0        4112        4112.00     0.00        4112.00    
  89       2018558      1        5        4109         0.02   1        0        4109        4109.00     0.00        4109.00    
  90       2009243      1        2        54760        0.23   17       0        4102        3221.18     0.00        3221.18    
  91       2102460      1        5        4087         0.02   1        0        4087        4087.00     0.00        4087.00    
  92       2025200      1        1        7213         0.03   2        0        3975        3606.50     0.00        3606.50    
  93       2023623      1        3        87688        0.36   29       0        3940        3023.72     0.00        3023.72    
  94       2102523      1        8        19529        0.08   6        0        3918        3254.83     0.00        3254.83    
  95       2103159      1        4        33512        0.14   10       0        3892        3351.20     0.00        3351.20    
  96       2025401      1        2        6938         0.03   2        0        3864        3469.00     0.00        3469.00    
  97       2100566      1        5        6434         0.03   2        0        3831        3217.00     0.00        3217.00    
  98       2023612      1        4        57529        0.24   19       0        3796        3027.84     0.00        3027.84    
  99       2016363      1        2        6429         0.03   2        0        3789        3214.50     0.00        3214.50    
  100      2022547      1        1        63071        0.26   20       0        3721        3153.55     0.00        3153.55    
  101      2103239      1        4        15346        0.06   5        0        3719        3069.20     0.00        3069.20    
  102      2023621      1        4        29099        0.12   10       0        3678        2909.90     0.00        2909.90    
  103      2100540      1        12       6701         0.03   2        0        3677        3350.50     0.00        3350.50    
  104      2022132      1        1        6742         0.03   2        0        3664        3371.00     0.00        3371.00    
  105      2023619      1        3        49695        0.21   17       0        3660        2923.24     0.00        2923.24    
  106      2009099      1        3        6702         0.03   2        0        3632        3351.00     0.00        3351.00    
  107      2100474      1        5        12207        0.05   4        0        3557        3051.75     0.00        3051.75    
  108      2023614      1        3        28599        0.12   9        0        3509        3177.67     0.00        3177.67    
  109      2008420      1        4        6615         0.03   2        0        3467        3307.50     0.00        3307.50    
  110      2018377      1        3        6887         0.03   2        0        3452        3443.50     0.00        3443.50    
  111      2009984      1        2        6725         0.03   2        0        3428        3362.50     0.00        3362.50    
  112      2102110      1        4        3423         0.01   1        0        3423        3423.00     0.00        3423.00    
  113      2018373      1        3        6782         0.03   2        0        3411        3391.00     0.00        3391.00    
  114      2024778      1        1        12328        0.05   4        0        3399        3082.00     0.00        3082.00    
  115      2018283      1        5        3394         0.01   1        0        3394        3394.00     0.00        3394.00    
  116      2024775      1        1        11542        0.05   4        0        3384        2885.50     0.00        2885.50    
  117      2019313      1        3        6553         0.03   2        0        3305        3276.50     0.00        3276.50    
  118      2102330      1        3        3277         0.01   1        0        3277        3277.00     0.00        3277.00    
  119      2100540      1        12       6288         0.03   2        0        3262        3144.00     0.00        3144.00    
  120      2101379      1        13       3255         0.01   1        0        3255        3255.00     0.00        3255.00    
  121      2021248      1        7        3247         0.01   1        0        3247        3247.00     0.00        3247.00    
  122      2021977      1        6        3245         0.01   1        0        3245        3245.00     0.00        3245.00    
  123      2100660      1        13       3240         0.01   1        0        3240        3240.00     0.00        3240.00    
  124      2018291      1        1        3232         0.01   1        0        3232        3232.00     0.00        3232.00    
  125      2012236      1        2        3

This file has been truncated.


suricata-report-2019-02-11-T-12-55-16-02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap.txt - (18127 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a48827fb10dc44191437e6253df6f4b2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap -vvv -k none
elapsedtime:8.605517
stderr:
stdout:
11/2/2019 -- 12:55:07 - <Info> - Configuration node 'rule-files' redefined.
11/2/2019 -- 12:55:07 - <Notice> - This is Suricata version 4.0.0 RELEASE
11/2/2019 -- 12:55:07 - <Info> - CPUs/cores online: 1
11/2/2019 -- 12:55:07 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32927 and 'request-body-inspect-window' set to 16108 after randomization.
11/2/2019 -- 12:55:07 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33400 and 'response-body-inspect-window' set to 17139 after randomization.
11/2/2019 -- 12:55:07 - <Config> - DNS request flood protection level: 500
11/2/2019 -- 12:55:07 - <Config> - DNS per flow memcap (state-memcap): 524288
11/2/2019 -- 12:55:07 - <Config> - DNS global memcap: 16777216
11/2/2019 -- 12:55:07 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
11/2/2019 -- 12:55:07 - <Config> - preallocated 1000 hosts of size 136
11/2/2019 -- 12:55:07 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
11/2/2019 -- 12:55:07 - <Config> - using magic-file /usr/share/file/magic
11/2/2019 -- 12:55:07 - <Config> - Core dump size is unlimited.
11/2/2019 -- 12:55:07 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
11/2/2019 -- 12:55:07 - <Config> - preallocated 1000 defrag trackers of size 168
11/2/2019 -- 12:55:07 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
11/2/2019 -- 12:55:07 - <Config> - stream "prealloc-sessions": 2048 (per thread)
11/2/2019 -- 12:55:07 - <Config> - stream "memcap": 33554432
11/2/2019 -- 12:55:07 - <Config> - stream "midstream" session pickups: disabled
11/2/2019 -- 12:55:07 - <Config> - stream "async-oneside": disabled
11/2/2019 -- 12:55:07 - <Config> - stream "checksum-validation": disabled
11/2/2019 -- 12:55:07 - <Config> - stream."inline": disabled
11/2/2019 -- 12:55:07 - <Config> - stream "bypass": disabled
11/2/2019 -- 12:55:07 - <Config> - stream "max-synack-queued": 5
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly "memcap": 134217728
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly "depth": 0
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly "toserver-chunk-size": 2551
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly "toclient-chunk-size": 2498
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly.raw: enabled
11/2/2019 -- 12:55:07 - <Config> - stream.reassembly "segment-prealloc": 2048
11/2/2019 -- 12:55:07 - <Config> - Delayed detect disabled
11/2/2019 -- 12:55:07 - <Config> - pattern matchers: MPM: ac, SPM: bm
11/2/2019 -- 12:55:07 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
11/2/2019 -- 12:55:07 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
11/2/2019 -- 12:55:07 - <Config> - prefilter engines: MPM
11/2/2019 -- 12:55:07 - <Config> - IP reputation disabled
11/2/2019 -- 12:55:07 - <Perf> - Registered 148 keyword profiling counters.
11/2/2019 -- 12:55:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
11/2/2019 -- 12:55:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
11/2/2019 -- 12:55:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
11/2/2019 -- 12:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
11/2/2019 -- 12:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
11/2/2019 -- 12:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
11/2/2019 -- 12:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
11/2/2019 -- 12:55:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
11/2/2019 -- 12:55:09 - <Config> - No rules loaded from ET-emerging-icmp.rules.
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
11/2/2019 -- 12:55:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
11/2/2019 -- 12:55:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
11/2/2019 -- 12:55:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
11/2/2019 -- 12:55:12 - <Config> - No rules loaded from local.rules.
11/2/2019 -- 12:55:12 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
11/2/2019 -- 12:55:12 - <Info> - Threshold config parsed: 0 rule(s) found
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tcp-packet
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tcp-stream
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for udp-packet
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for other-ip
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_uri
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_request_line
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_client_body
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_response_line
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_header
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_header
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_header_names
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_header_names
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_accept
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_accept_enc
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_accept_lang
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_referer
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_connection
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_content_len
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_content_len
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_content_type
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_content_type
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_protocol
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_protocol
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_start
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_start
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_raw_header
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_raw_header
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_method
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_cookie
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_cookie
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_raw_uri
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_user_agent
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_host
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_raw_host
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_stat_msg
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_stat_code
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for dns_query
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tls_sni
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tls_cert_issuer
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tls_cert_subject
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for tls_cert_serial
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for dce_stub_data
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for dce_stub_data
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for ssh_protocol
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for ssh_protocol
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for ssh_software
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for ssh_software
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for file_data
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for file_data
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_request_line
11/2/2019 -- 12:55:12 - <Perf> - using shared mpm ctx' for http_response_line
11/2/2019 -- 12:55:12 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
11/2/2019 -- 12:55:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
11/2/2019 -- 12:55:12 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
11/2/2019 -- 12:55:12 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
11/2/2019 -- 12:55:12 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
11/2/2019 -- 12:55:12 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
11/2/2019 -- 12:55:12 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
11/2/2019 -- 12:55:12 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
11/2/2019 -- 12:55:13 - <Perf> - Unique rule groups: 111
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toserver TCP packet": 31
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toclient TCP packet": 20
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toserver TCP stream": 31
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toclient TCP stream": 21
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toserver UDP packet": 33
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "toclient UDP packet": 15
11/2/2019 -- 12:55:13 - <Perf> - Builtin MPM "other IP packet": 2
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_uri": 8
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_request_line": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_client_body": 6
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_response_line": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_header": 6
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_header": 3
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_header_names": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_accept": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_referer": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_content_len": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_content_type": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_content_type": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_start": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_method": 3
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_cookie": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_cookie": 2
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver http_host": 2
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver dns_query": 4
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver tls_sni": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toserver file_data": 1
11/2/2019 -- 12:55:13 - <Perf> - AppLayer MPM "toclient file_data": 5
11/2/2019 -- 12:55:14 - <Perf> - Registered 18241 rule profiling counters.
11/2/2019 -- 12:55:14 - <Info> - fast output device (regular) initialized: alert
11/2/2019 -- 12:55:14 - <Info> - eve-log output device (regular) initialized: eve.json
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'alert'
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'http'
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'dns'
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'tls'
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'files'
11/2/2019 -- 12:55:14 - <Config> - enabling 'eve-log' module 'ssh'
11/2/2019 -- 12:55:14 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
11/2/2019 

This file has been truncated.


packet_stats.log - (17136 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          4030           102741      351871285     263022233       1060.0b   97.05
 IPv4      17            31          1236454      298224755     125081211          3.9b    0.36
 IPv6      17            64          2057045      354399098     294252134         18.8b    1.72
 IPv6      58            31        277579354      353512319     306759415          9.5b    0.87
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          4030            68226       14465030        121825        491.0m   86.62
TMM_FLOWWORKER              IPv4      17            31           111777        4111203        345592         10.7m    1.89
TMM_RECEIVEPCAPFILE         IPv4       6          4024             2536        1621847          3455         13.9m    2.45
TMM_RECEIVEPCAPFILE         IPv4      17            31             2552           9605          3230        100.2k    0.02
TMM_DECODEPCAPFILE          IPv4       6          4024             2648        4761442          9192         37.0m    6.53
TMM_DECODEPCAPFILE          IPv4      17            31             2733          30903          4058        125.8k    0.02
TMM_FLOWWORKER              IPv6      17            64           101670         335184        171599         11.0m    1.94
TMM_FLOWWORKER              IPv6      58            31            66363         118305         79094          2.5m    0.43
TMM_RECEIVEPCAPFILE         IPv6      17            64             2551           3571          2715        173.8k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58            31             2551           3527          2719         84.3k    0.01
TMM_DECODEPCAPFILE          IPv6      17            64             2704          16391          3308        211.7k    0.04
TMM_DECODEPCAPFILE          IPv6      58            31             2717          11956          3552        110.1k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          4024             2793         758756          3541         14.3m  3.26  
flow                    IPv4      17            31             2653          33086          5228        162.1k  0.04  
stream                  IPv4       6          4030             2658         643456          6905         27.8m  6.36  
app-layer               IPv4      17            31             2521          39442          6065        188.0k  0.04  
detect                  IPv4       6          4030            45524       14413149         88191        355.4m  81.18 
detect                  IPv4      17            31            96213        4083548        315078          9.8m  2.23  
tcp-prune               IPv4       6          4030             2531        4149808          4438         17.9m  4.09  
flow                    IPv6      17            64             2748          24099          4132        264.5k  0.06  
flow                    IPv6      58            31             2814           6483          3521        109.2k  0.02  
app-layer               IPv6      17            64             2531          17774          5054        323.5k  0.07  
detect                  IPv6      17            64            85955         295507        149174          9.5m  2.18  
detect                  IPv6      58            31            55218         103223         66357          2.1m  0.47  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            15030          36979         26004         52.0k  41.36 
tls                     IPv4       6             5             2899           4942          4166         20.8k  16.57 
dns                     IPv4      17             2            10057          11582         10819         21.6k  17.21 
tls                     IPv6      17            11             2842           2842          2842         31.3k  24.86 
Proto detect            IPv4      17             6             2800          24946         12021         72.1k
Proto detect            IPv6      17            15             2737           9736          3988         59.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             2            79389         106977         93183        186.4k  1.30  
LOGGER_JSON_HTTP            IPv4       6             1           162661         162661        162661        162.7k  1.14  
LOGGER_JSON_TLS             IPv4       6             5           135167       13051011       2747655         13.7m  96.05 
LOGGER_JSON_FILE            IPv4       6             1           215386         215386        215386        215.4k  1.51  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           107             2605         136431         33564         3.6m  13.97 
payload                           IPv4      17            31             3120          55920         15389       477.1k  1.86  
stream                            IPv4       6           107             2541         448058         32502         3.5m  13.53 
http_uri                          IPv4       6             1            28858          28858         28858        28.9k  0.11  
http_request_line                 IPv4       6             1             7135           7135          7135         7.1k  0.03  
http_client_body                  IPv4       6             1             4274           4274          4274         4.3k  0.02  
http_header (request)             IPv4       6             1            93684          93684         93684        93.7k  0.36  
http_header (request trailer)     IPv4       6             1             2700           2700          2700         2.7k  0.01  
http_header_names (request)       IPv4       6             1            23933          23933         23933        23.9k  0.09  
http_accept (request)             IPv4       6             1             4112           4112          4112         4.1k  0.02  
http_referer (request)            IPv4       6             1             3368           3368          3368         3.4k  0.01  
http_content_len (request)        IPv4       6             1             3490           3490          3490         3.5k  0.01  
http_content_type (request)       IPv4       6             1             3653           3653          3653         3.7k  0.01  
http_start (request)              IPv4       6             1             9996           9996          9996        10.0k  0.04  
http_raw_header (request)         IPv4       6             1            16487          16487         16487        16.5k  0.06  
http_method                       IPv4       6             1             4669           4669          4669         4.7k  0.02  
http_cookie (request)             IPv4       6             1             3538           3538          3538         3.5k  0.01  
http_raw_uri                      IPv4       6             1             5522           5522          5522         5.5k  0.02  
http_user_agent                   IPv4       6             1            13543          13543         13543        13.5k  0.05  
http_host                         IPv4       6             1            10710          10710         10710        10.7k  0.04  
dns_query                         IPv4      17             1            15328          15328         15328        15.3k  0.06  
tls_sni                           IPv4       6             5             2929           3836          3522        17.6k  0.07  
http_response_line                IPv4       6             1            10992          10992         10992        11.0k  0.04  
http_header (response)            IPv4       6             1            42027          42027         42027        42.0k  0.16  
http_header (response trailer)    IPv4       6             1             3529           3529          3529         3.5k  0.01  
http_content_type (response)      IPv4       6             1             8319           8319          8319         8.3k  0.03  
http_raw_header (response)        IPv4       6            47             4621       14091134        306385        14.4m  56.01 
http_cookie (response)            IPv4       6             1             9938           9938          9938         9.9k  0.04  
http_stat_code                    IPv4       6             1             6086           6086          6086         6.1k  0.02  
tls_cert_issuer                   IPv4       6             5             7559           9300          8675        43.4k  0.17  
tls_cert_subject                  IPv4       6             5             6942           8660          7516        37.6k  0.15  
tls_cert_serial                   IPv4       6             5             6150           7653          6748        33.7k  0.13  
file_data (http response)         IPv4       6            47             2573         659728         53332         2.5m  9.75  
Total                             IPv4                   383                                         65068        24.9m
payload                           IPv6      17            64             2982          52314         10170       650.9k  2.53  
payload                           IPv6      58            31             2726          12380          4408       136.7k  0.53  
Total                             IPv6                    95                                          8290       787.6k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            12            12129          86709         34402        412.8k  0.13  
PROF_DETECT_IPONLY          IPv4      17             6            19481          54814         34923        209.5k  0.07  
PROF_DETECT_RULES           IPv4       6          4030             2520       11736426          7464         30.1m  9.51  
PROF_DETECT_RULES           IPv4      17            31            39199        4003711        224817          7.0m  2.20  
PROF_DETECT_STATEFUL_START    IPv4       6            28             5120       11622642        440630         12.3m  3.90  
PROF_DETECT_STATEFUL_CONT    IPv4       6          4030             2508       11842686          7328         29.5m  9.34  
PROF_DETECT_STATEFUL_CONT    IPv4      17            31             2507           4515          3032         94.0k  0.03  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          4006             2543          55112          2864         11.5m  3.63  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2693           3045          2869          5.7k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          4030             7804       14254089         25321        102.0m  32.27 
PROF_DETECT_PREFILTER       IPv4      17            31            23960          80118         41600          1.3m  0.41  
PROF_DETECT_PF_PAYLOAD      IPv4       6           107            16805         471083         74832          8.0m  2.53  
PROF_DETECT_PF_PAYLOAD      IPv4      17            31             8186          60979         21140        655.4k  0.21  
PROF_DETECT_PF_TX           IPv4       6          4006             2574       14202636          7978         32.0m  10.11 
PROF_DETECT_PF_TX           IPv4      17             1            22058          22058         22058         22.1k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6            71             2525           4264          3109        220.8k  0.07  
PROF_DETECT_PF_SORT1        IPv4      17            31             2603           5882          3885        120.5k  0.04  
PROF_DETECT_PF_SORT2        IPv4       6          4030             2514          46697          2812         11.3m  3.58  
PROF_DETECT_PF_SORT2        IPv4      17            31             2550           4747          3311        102.7k  0.03  
PROF_DETECT_NONMPMLIST      IPv4       6          4030             2522        3799051          4699         18.9m  5.99  
PROF_DETECT_NONMPMLIST      IPv4      17            31             2519           3956          3111         96.5k  0.03  
PROF_DETECT_ALERT           IPv4       6          4030             2516          80817          2836         11.4m  3.62  
PROF_DETECT_ALERT           IPv4      17            31             2531          15863          3340        103.6k  0.03  
PROF_DETECT_CLEANUP         IPv4       6          4030             2554        1795580          3388         13.7m  4.32  
PROF_DETECT_CLEANUP         IPv4      17            31             2529           6458          3138         97.3k  0.03  
PROF_DETECT_GETSGH          IPv4       6          4030             2511        1335946          3432         13.8m  4.37  
PROF_DETECT_GETSGH          IPv4      17            31             2520          21683          4090        126.8k  0.04  
PROF_DETECT_IPONLY          IPv6      17            15             2976          10869          4139         62.1k  0.02  
PROF_DETECT_IPONLY          IPv6      58             1            11935          11935         11935         11.9k  0.00  
PROF_DETECT_RULES           IPv6      17            64            28332         200129         68598          4.4m  1.39  
PROF_DETECT_RULES           IPv6      58            31             2529          11630          3826        118.6k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv6      17            64             2507          20159          3285        210.3k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv6      58            31             2715          15319          3416        105.9k  0.03  
PROF_DETECT_PREFILTER       IPv6      17            64            23856          79619         35106          2.2m  0.71  
PROF_DETECT_PREFILTER       IPv6      58            31            18423          41824         22481        696.9k  0.22  
PROF_DETECT_PF_PAYLOAD      IPv6      17            64             8085          58712         16109          1.0m  0.33  
PROF_DETECT_PF_PAYLOAD      IPv6      58            31             7763          18522         10054        311.7k  0.10  
PROF_DETECT_PF_SORT1        IPv6      17            64             2575           5907          3514        224.9k  0.07  
PROF_DETECT_PF_SORT2        IPv6      17            64             2545           5013          3190        204.2k  0.06  
PROF_DETECT_PF_SORT2        IPv6      58            31             2516           4056          2858         88.6k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17            64             2525          36786          3599        230.4k  0.07  
PROF_DETECT_NONMPMLIST      IPv6      58            31             2540           3595          2988         

This file has been truncated.


stats.log - (3372 bytes)
------------------------------------------------------------------------------------
Date: 2/11/2019 -- 12:55:16 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 4331
decoder.bytes                              | Total                     | 3066749
decoder.ipv4                               | Total                     | 4055
decoder.ipv6                               | Total                     | 95
decoder.ethernet                           | Total                     | 4331
decoder.tcp                                | Total                     | 4024
decoder.udp                                | Total                     | 95
decoder.icmpv6                             | Total                     | 31
decoder.avg_pkt_size                       | Total                     | 708
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 20
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 3
tcp.overlap                                | Total                     | 2
tcp.insert_list_fail                       | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 19
flow_mgr.new_pruned                        | Total                     | 17
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 22
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.flows_timeout                     | Total                     | 17
flow_mgr.flows_timeout_inuse               | Total                     | 4
flow_mgr.flows_removed                     | Total                     | 13
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65514
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7080928


eve.json - (4984 bytes)
{"timestamp":"2019-02-01T09:16:30.781419+0000","flow_id":455713452124228,"pcap_cnt":25,"event_type":"tls","src_ip":"192.168.100.26","src_port":49202,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:16:30.954690+0000","flow_id":314967373812034,"pcap_cnt":28,"event_type":"dns","src_ip":"192.168.100.26","src_port":52614,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":29393,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":314967373812034,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":2843,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":314967373812034,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":69,"rdata":"download.windowsupdate.com.edgesuite.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":314967373812034,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"download.windowsupdate.com.edgesuite.net","rrtype":"CNAME","ttl":222,"rdata":"a767.dspw65.akamai.net"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":314967373812034,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.56"}}
{"timestamp":"2019-02-01T09:16:30.979340+0000","flow_id":314967373812034,"pcap_cnt":29,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.26","dest_port":52614,"proto":"UDP","dns":{"type":"answer","id":29393,"rcode":"NOERROR","rrname":"a767.dspw65.akamai.net","rrtype":"A","ttl":19,"rdata":"2.16.186.81"}}
{"timestamp":"2019-02-01T09:16:31.073163+0000","flow_id":578779297546107,"pcap_cnt":104,"event_type":"http","src_ip":"192.168.100.26","src_port":49206,"dest_ip":"2.16.186.56","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-02-01T09:17:32.040762+0000","flow_id":2197034931837777,"pcap_cnt":885,"event_type":"tls","src_ip":"192.168.100.26","src_port":50098,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:18:32.962990+0000","flow_id":1744351825276557,"pcap_cnt":1715,"event_type":"tls","src_ip":"192.168.100.26","src_port":51021,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:19:33.846837+0000","flow_id":1473212691376134,"pcap_cnt":2491,"event_type":"tls","src_ip":"192.168.100.26","src_port":51936,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:20:34.671515+0000","flow_id":1485148409444887,"pcap_cnt":3298,"event_type":"tls","src_ip":"192.168.100.26","src_port":52848,"dest_ip":"185.236.203.53","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA","issuerdn":"C=US, ST=Some-State, O=Seven Ltd, CN=Seven DSert SHA2 CA"}}
{"timestamp":"2019-02-01T09:21:26.741146+0000","flow_id":578779297546107,"event_type":"fileinfo","src_ip":"2.16.186.56","src_port":80,"dest_ip":"192.168.100.26","dest_port":49206,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":56560},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":56560,"tx_id":0}}


keyword_perf.log - (9500 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/11/2019 -- 12:55:16
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             305688          87              87              24200           3513.00         3513.00         0.00           
  content          12814652        193             84              11560578        66397.00        145543.00       5404.00        
  pcre             168076          31              21              22567           5421.00         4662.00         7016.00        
  byte_test        54068           15              4               5144            3604.00         3570.00         3617.00        
  byte_jump        52286           14              0               5840            3734.00         0.00            3734.00        
  isdataat         2820            1               0               2820            2820.00         0.00            2820.00        
  flowbits         93214           29              1               7296            3214.00         7296.00         3068.00        
  urilen           7173            2               1               4113            3586.00         4113.00         3060.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             305688          87              87              24200           3513.00         3513.00         0.00           
  flowbits         85918           28              0               4476            3068.00         0.00            3068.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          774717          160             76              73651           4841.00         6224.00         3591.00        
  pcre             145509          30              20              18102           4850.00         3767.00         7016.00        
  byte_test        54068           15              4               5144            3604.00         3570.00         3617.00        
  byte_jump        52286           14              0               5840            3734.00         0.00            3734.00        
  isdataat         2820            1               0               2820            2820.00         0.00            2820.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         7296            1               1               7296            7296.00         7296.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7913            2               0               4194            3956.00         0.00            3956.00        
  urilen           7173            2               1               4113            3586.00         4113.00         3060.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3656            1               0               3656            3656.00         0.00            3656.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11999091        23              4               11560578        521699.00       2933816.00      13885.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13883           3               3               5310            4627.00         4627.00         0.00           
  pcre             22567           1               1               22567           22567.00        22567.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8365            2               0               4297            4182.00         0.00            4182.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3627            1               0               3627            3627.00         0.00            3627.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3400            1               1               3400            3400.00         3400.00         0.00           


IDSDeathBlossom.py.log - (1179 bytes) - download
2019-02-11 12:55:06,741 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-11 12:55:07,525 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-11 12:55:07,526 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-02-11 12:55:07,527 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-11 12:55:07,527 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-11 12:55:07,527 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/a48827fb10dc44191437e6253df6f4b2d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/02042019.1133-47d9534d-8447-4d6b-b832-368a5b986a94.pcap -vvv -k none
2019-02-11 12:55:16,135 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-11 12:55:16,135 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.40303611755