Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 1 39 8686964 385093866 284503227 11.1b 7.05
IPv4 2 14 6080208 380490510 126886836 1.8b 1.13
IPv4 6 316 2445812 276292062 195888751 61.9b 39.32
IPv4 17 349 6815750 386315272 236873776 82.7b 52.51
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 1 39 134368 322924 221805 8.7m 1.93
TMM_FLOWWORKER IPv4 2 14 133370 7327636 694482 9.7m 2.17
TMM_FLOWWORKER IPv4 6 316 138946 13579834 601055 189.9m 42.32
TMM_FLOWWORKER IPv4 17 349 206700 21969256 608490 212.4m 47.32
TMM_RECEIVEPCAPFILE IPv4 1 39 4470 6274 4930 192.3k 0.04
TMM_RECEIVEPCAPFILE IPv4 2 14 4472 5720 4976 69.7k 0.02
TMM_RECEIVEPCAPFILE IPv4 6 312 4442 20808236 72000 22.5m 5.01
TMM_RECEIVEPCAPFILE IPv4 17 349 4438 7106 4873 1.7m 0.38
TMM_DECODEPCAPFILE IPv4 1 39 4634 27780 5627 219.5k 0.05
TMM_DECODEPCAPFILE IPv4 2 14 4592 17672 5975 83.7k 0.02
TMM_DECODEPCAPFILE IPv4 6 312 4560 27132 5139 1.6m 0.36
TMM_DECODEPCAPFILE IPv4 17 349 4580 24456 5024 1.8m 0.39
Flow Worker IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
flow IPv4 1 39 5032 24838 7056 275.2k 0.07
flow IPv4 6 312 4898 122334 6163 1.9m 0.50
flow IPv4 17 349 4760 42234 7427 2.6m 0.67
stream IPv4 6 316 5518 437994 18140 5.7m 1.48
app-layer IPv4 17 349 4432 63718 15266 5.3m 1.38
detect IPv4 1 39 113856 297708 198098 7.7m 2.00
detect IPv4 2 14 124088 7307642 682340 9.6m 2.47
detect IPv4 6 316 98406 13204656 540839 170.9m 44.22
detect IPv4 17 349 178666 21697734 517933 180.8m 46.77
tcp-prune IPv4 6 316 4468 24082 5448 1.7m 0.45
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- ----------- ---
http IPv4 6 4 5192 37880 13985 55.9k 3.12
http IPv4 17 1 11632 11632 11632 11.6k 0.65
dns IPv4 17 199 5202 40002 8661 1.7m 96.23
Proto detect IPv4 17 199 4930 47832 8012 1.6m
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
LOGGER_JSON_DNS IPv4 17 100 32600 7258202 150959 15.1m 95.15
LOGGER_JSON_HTTP IPv4 6 2 113306 268022 190664 381.3k 2.40
LOGGER_JSON_FILE IPv4 6 3 73730 183666 129528 388.6k 2.45
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 1 39 6894 42658 16658 649.7k 1.15
payload IPv4 6 213 4576 588708 30103 6.4m 11.30
payload IPv4 17 349 5220 117112 18802 6.6m 11.57
stream IPv4 6 213 4452 946318 57128 12.2m 21.45
http_uri IPv4 6 2 7856 40270 24063 48.1k 0.08
http_request_line IPv4 6 2 11018 16544 13781 27.6k 0.05
http_client_body IPv4 6 2 6694 51732 29213 58.4k 0.10
http_header (request) IPv4 6 2 83990 113906 98948 197.9k 0.35
http_header (request trailer) IPv4 6 2 4512 4530 4521 9.0k 0.02
http_header_names (request) IPv4 6 2 34342 448188 241265 482.5k 0.85
http_accept (request) IPv4 6 2 5946 6214 6080 12.2k 0.02
http_referer (request) IPv4 6 2 8132 9296 8714 17.4k 0.03
http_content_len (request) IPv4 6 2 5772 7422 6597 13.2k 0.02
http_content_type (request) IPv4 6 2 5504 15952 10728 21.5k 0.04
http_protocol (request) IPv4 6 2 7330 8786 8058 16.1k 0.03
http_start (request) IPv4 6 2 21008 28368 24688 49.4k 0.09
http_raw_header (request) IPv4 6 2 21846 23238 22542 45.1k 0.08
http_method IPv4 6 2 8442 10110 9276 18.6k 0.03
http_cookie (request) IPv4 6 2 5416 5554 5485 11.0k 0.02
http_raw_uri IPv4 6 2 7398 8948 8173 16.3k 0.03
http_user_agent IPv4 6 2 29832 34688 32260 64.5k 0.11
http_host IPv4 6 2 9298 9842 9570 19.1k 0.03
dns_query IPv4 17 49 4906 29118 10984 538.3k 0.95
http_response_line IPv4 6 2 15574 16410 15992 32.0k 0.06
http_header (response) IPv4 6 2 54960 69398 62179 124.4k 0.22
http_header (response trailer) IPv4 6 2 4888 7194 6041 12.1k 0.02
http_content_type (response) IPv4 6 2 15408 16872 16140 32.3k 0.06
http_raw_header (response) IPv4 6 203 7250 41316 8529 1.7m 3.05
http_cookie (response) IPv4 6 2 10160 10906 10533 21.1k 0.04
http_stat_code IPv4 6 2 5846 6294 6070 12.1k 0.02
file_data (http response) IPv4 6 201 4476 1514842 135814 27.3m 48.13
Total IPv4 1315 43134 56.7m
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
PROF_DETECT_IPONLY IPv4 1 26 41850 70416 50479 1.3m 0.29
PROF_DETECT_IPONLY IPv4 2 14 41894 201318 68648 961.1k 0.21
PROF_DETECT_IPONLY IPv4 6 4 12858 83216 54602 218.4k 0.05
PROF_DETECT_IPONLY IPv4 17 194 5680 125028 51090 9.9m 2.21
PROF_DETECT_RULES IPv4 1 39 13438 76028 31086 1.2m 0.27
PROF_DETECT_RULES IPv4 2 14 4460 6284 5132 71.8k 0.02
PROF_DETECT_RULES IPv4 6 316 4474 12128804 236258 74.7m 16.66
PROF_DETECT_RULES IPv4 17 349 76686 21427766 306832 107.1m 23.89
PROF_DETECT_STATEFUL_START IPv4 6 176 8948 9628924 216817 38.2m 8.51
PROF_DETECT_STATEFUL_CONT IPv4 1 39 4410 6746 5027 196.1k 0.04
PROF_DETECT_STATEFUL_CONT IPv4 2 14 4422 6204 4984 69.8k 0.02
PROF_DETECT_STATEFUL_CONT IPv4 6 316 4420 79524 20105 6.4m 1.42
PROF_DETECT_STATEFUL_CONT IPv4 17 349 4404 95588 7474 2.6m 0.58
PROF_DETECT_STATEFUL_UPDATE IPv4 6 307 4476 85618 5592 1.7m 0.38
PROF_DETECT_STATEFUL_UPDATE IPv4 17 110 4538 27546 5635 619.9k 0.14
PROF_DETECT_PREFILTER IPv4 1 39 38948 109690 61019 2.4m 0.53
PROF_DETECT_PREFILTER IPv4 2 14 13760 7191006 531917 7.4m 1.66
PROF_DETECT_PREFILTER IPv4 6 316 13970 1758928 210273 66.4m 14.83
PROF_DETECT_PREFILTER IPv4 17 349 41568 219878 67472 23.5m 5.25
PROF_DETECT_PF_PAYLOAD IPv4 1 39 16006 51778 26988 1.1m 0.23
PROF_DETECT_PF_PAYLOAD IPv4 6 213 23462 996804 102624 21.9m 4.88
PROF_DETECT_PF_PAYLOAD IPv4 17 349 14310 126274 29043 10.1m 2.26
PROF_DETECT_PF_TX IPv4 6 307 4544 1536906 112081 34.4m 7.68
PROF_DETECT_PF_TX IPv4 17 55 4592 55096 20334 1.1m 0.25
PROF_DETECT_PF_SORT1 IPv4 1 34 4514 6362 5079 172.7k 0.04
PROF_DETECT_PF_SORT1 IPv4 6 122 4458 36180 6182 754.3k 0.17
PROF_DETECT_PF_SORT1 IPv4 17 349 4510 34540 6508 2.3m 0.51
PROF_DETECT_PF_SORT2 IPv4 1 39 4460 24966 5739 223.8k 0.05
PROF_DETECT_PF_SORT2 IPv4 2 14 4420 5732 4993 69.9k 0.02
PROF_DETECT_PF_SORT2 IPv4 6 316 4456 25118 5247 1.7m 0.37
PROF_DETECT_PF_SORT2 IPv4 17 349 4458 48622 5680 2.0m 0.44
PROF_DETECT_NONMPMLIST IPv4 1 39 4422 6684 5028 196.1k 0.04
PROF_DETECT_NONMPMLIST IPv4 2 14 4428 5760 5077 71.1k 0.02
PROF_DETECT_NONMPMLIST IPv4 6 316 4424 34024 5265 1.7m 0.37
PROF_DETECT_NONMPMLIST IPv4 17 349 4424 38288 5800 2.0m 0.45
PROF_DETECT_ALERT IPv4 1 39 4442 6408 4931 192.3k 0.04
PROF_DETECT_ALERT IPv4 2 14 4464 7380 5332 74.7k 0.02
PROF_DETECT_ALERT IPv4 6 316 4430 40840 5147 1.6m 0.36
PROF_DETECT_ALERT IPv4 17 349 4426 131152 5378 1.9m 0.42
PROF_DETECT_CLEANUP IPv4 1 39 4526 35622 5801 226.3k 0.05
PROF_DETECT_CLEANUP IPv4 2 14 4422 41822 7752 108.5k 0.02
PROF_DETECT_CLEANUP IPv4 6 316 4514 22956 5323 1.7m 0.38
PROF_DETECT_CLEANUP IPv4 17 349 4422 36482 5890 2.1m 0.46
PROF_DETECT_GETSGH IPv4 1 39 4474 21640 5509 214.9k 0.05
PROF_DETECT_GETSGH IPv4 2 14 4498 6538 5186 72.6k 0.02
PROF_DETECT_GETSGH IPv4 6 316 4424 23992 5131 1.6m 0.36
PROF_DETECT_GETSGH IPv4 17 349 4430 10428646 39526 13.8m 3.08
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:38:36 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 825
decoder.bytes | Total | 272054
decoder.ipv4 | Total | 714
decoder.ethernet | Total | 825
decoder.tcp | Total | 312
decoder.udp | Total | 349
decoder.icmpv4 | Total | 39
decoder.avg_pkt_size | Total | 329
decoder.max_pkt_size | Total | 1153
flow.tcp | Total | 2
flow.udp | Total | 145
tcp.sessions | Total | 2
tcp.syn | Total | 2
tcp.synack | Total | 2
detect.mpm_list | Total | 9
detect.nonmpm_list | Total | 2
detect.fnonmpm_list | Total | 1
detect.match_list | Total | 10
app_layer.flow.http | Total | 2
app_layer.tx.http | Total | 2
app_layer.flow.dns_udp | Total | 49
app_layer.tx.dns_udp | Total | 51
app_layer.flow.failed_udp | Total | 96
flow_mgr.new_pruned | Total | 87
flow.spare | Total | 10000
flow_mgr.flows_checked | Total | 136
flow_mgr.flows_notimeout | Total | 49
flow_mgr.flows_timeout | Total | 87
flow_mgr.flows_removed | Total | 87
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_skipped | Total | 65400
flow_mgr.rows_maxlen | Total | 1
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7116640
{"timestamp":"2019-09-22T00:21:20.321711+0000","flow_id":1221629334055087,"pcap_cnt":35,"event_type":"dns","src_ip":"192.168.56.104","src_port":53894,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28920,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:20.324057+0000","flow_id":851570656866777,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.56.104","src_port":64248,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21149,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:20.324414+0000","flow_id":81074998801214,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.56.104","src_port":57211,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60444,"rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:20.333397+0000","flow_id":1523071613670997,"pcap_cnt":40,"event_type":"dns","src_ip":"192.168.56.104","src_port":57939,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27884,"rrname":"114.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.310125+0000","flow_id":1467215564094317,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.56.104","src_port":57211,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60444,"rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.310224+0000","flow_id":785269246770128,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.56.104","src_port":64248,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21149,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.310295+0000","flow_id":494826378345495,"pcap_cnt":43,"event_type":"dns","src_ip":"192.168.56.104","src_port":53894,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28920,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.326367+0000","flow_id":418229931604703,"pcap_cnt":44,"event_type":"dns","src_ip":"192.168.56.104","src_port":57939,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27884,"rrname":"114.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.363290+0000","flow_id":785269246770128,"pcap_cnt":54,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":64248,"proto":"UDP","dns":{"type":"answer","id":21149,"rcode":"NXDOMAIN","rrname":"103.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:21.366700+0000","flow_id":494826378345495,"pcap_cnt":58,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":53894,"proto":"UDP","dns":{"type":"answer","id":28920,"rcode":"NXDOMAIN","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-22T00:21:21.366700+0000","flow_id":494826378345495,"pcap_cnt":58,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":53894,"proto":"UDP","dns":{"type":"answer","id":28920,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3334}}
{"timestamp":"2019-09-22T00:21:21.367479+0000","flow_id":1467215564094317,"pcap_cnt":62,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":57211,"proto":"UDP","dns":{"type":"answer","id":60444,"rcode":"NXDOMAIN","rrname":"4.2.0.2.f.7.6.9.6.5.b.5.a.7.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-22T00:21:21.367479+0000","flow_id":1467215564094317,"pcap_cnt":62,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":57211,"proto":"UDP","dns":{"type":"answer","id":60444,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":2914}}
{"timestamp":"2019-09-22T00:21:21.378976+0000","flow_id":418229931604703,"pcap_cnt":68,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":57939,"proto":"UDP","dns":{"type":"answer","id":27884,"rcode":"NXDOMAIN","rrname":"114.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:21.814573+0000","flow_id":282513259982317,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.56.104","src_port":56266,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20502,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:21.814810+0000","flow_id":908625002458842,"pcap_cnt":83,"event_type":"dns","src_ip":"192.168.56.104","src_port":49871,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28119,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:22.139827+0000","flow_id":282513259982317,"pcap_cnt":90,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.104","dest_port":56266,"proto":"UDP","dns":{"type":"answer","id":20502,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-09-22T00:21:22.147198+0000","flow_id":918623686377214,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.56.104","src_port":58700,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40699,"rrname":"www.koa888.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-22T00:21:22.236816+0000","flow_id":1423011760741648,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.56.104","src_port":59575,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19147,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:22.400696+0000","flow_id":336969150373176,"pcap_cnt":97,"event_type":"dns","src_ip":"192.168.56.104","src_port":61430,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36833,"rrname":"keek.asmtoken.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-22T00:21:22.810865+0000","flow_id":381396292099953,"pcap_cnt":108,"event_type":"dns","src_ip":"192.168.56.104","src_port":49871,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28119,"rrname":"113.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:22.864204+0000","flow_id":381396292099953,"pcap_cnt":109,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":49871,"proto":"UDP","dns":{"type":"answer","id":28119,"rcode":"NXDOMAIN","rrname":"113.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:23.138466+0000","flow_id":586412261055714,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.56.104","src_port":58700,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40699,"rrname":"www.koa888.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.192002+0000","flow_id":342423758958082,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.104","src_port":49366,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23996,"rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.208035+0000","flow_id":586412261055714,"pcap_cnt":127,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":58700,"proto":"UDP","dns":{"type":"answer","id":40699,"rcode":"NOERROR","rrname":"www.koa888.com","rrtype":"A","ttl":299,"rdata":"104.18.46.30"}}
{"timestamp":"2019-09-22T00:21:23.208035+0000","flow_id":586412261055714,"pcap_cnt":127,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":58700,"proto":"UDP","dns":{"type":"answer","id":40699,"rcode":"NOERROR","rrname":"www.koa888.com","rrtype":"A","ttl":299,"rdata":"104.18.47.30"}}
{"timestamp":"2019-09-22T00:21:23.232268+0000","flow_id":1458969227004748,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.56.104","src_port":59575,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":19147,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.285495+0000","flow_id":1458969227004748,"pcap_cnt":134,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":59575,"proto":"UDP","dns":{"type":"answer","id":19147,"rcode":"NXDOMAIN","rrname":"112.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:23.388671+0000","flow_id":424814116597311,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.56.104","src_port":61430,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36833,"rrname":"keek.asmtoken.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.457964+0000","flow_id":424814116597311,"pcap_cnt":149,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":61430,"proto":"UDP","dns":{"type":"answer","id":36833,"rcode":"NOERROR","rrname":"keek.asmtoken.com","rrtype":"A","ttl":299,"rdata":"104.18.50.64"}}
{"timestamp":"2019-09-22T00:21:23.457964+0000","flow_id":424814116597311,"pcap_cnt":149,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":61430,"proto":"UDP","dns":{"type":"answer","id":36833,"rcode":"NOERROR","rrname":"keek.asmtoken.com","rrtype":"A","ttl":299,"rdata":"104.18.51.64"}}
{"timestamp":"2019-09-22T00:21:23.822278+0000","flow_id":2154839828302854,"pcap_cnt":221,"event_type":"dns","src_ip":"192.168.56.104","src_port":60824,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28034,"rrname":"30.46.18.104.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.822468+0000","flow_id":1893980694613188,"pcap_cnt":222,"event_type":"dns","src_ip":"192.168.56.104","src_port":59066,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46228,"rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.822602+0000","flow_id":1596442540215626,"pcap_cnt":223,"event_type":"dns","src_ip":"192.168.56.104","src_port":65341,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12830,"rrname":"110.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.822743+0000","flow_id":1398427368000983,"pcap_cnt":224,"event_type":"dns","src_ip":"192.168.56.104","src_port":54955,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41705,"rrname":"64.50.18.104.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.845828+0000","flow_id":870081966050572,"pcap_cnt":232,"event_type":"http","src_ip":"192.168.56.104","src_port":49164,"dest_ip":"104.18.50.64","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"keek.asmtoken.com","url":"\/kss_io\/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )","http_content_type":"text\/html"}}
{"timestamp":"2019-09-22T00:21:23.845828+0000","flow_id":870081966050572,"pcap_cnt":232,"event_type":"fileinfo","src_ip":"192.168.56.104","src_port":49164,"dest_ip":"104.18.50.64","dest_port":80,"proto":"TCP","http":{"hostname":"keek.asmtoken.com","url":"\/kss_io\/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )","http_content_type":"text\/html","http_refer":"http:\/\/keek.asmtoken.com\/","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":180},"app_proto":"http","fileinfo":{"filename":"\/kss_io\/io.php","gaps":false,"state":"CLOSED","stored":false,"size":126,"tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.875184+0000","flow_id":1596442540215626,"pcap_cnt":233,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":65341,"proto":"UDP","dns":{"type":"answer","id":12830,"rcode":"NXDOMAIN","rrname":"110.56.168.192.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:23.879797+0000","flow_id":1893980694613188,"pcap_cnt":237,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":59066,"proto":"UDP","dns":{"type":"answer","id":46228,"rcode":"NXDOMAIN","rrname":"8.6.c.6.6.a.3.7.b.2.c.a.5.4.8.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-22T00:21:23.879797+0000","flow_id":1893980694613188,"pcap_cnt":237,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":59066,"proto":"UDP","dns":{"type":"answer","id":46228,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3332}}
{"timestamp":"2019-09-22T00:21:23.895421+0000","flow_id":2154839828302854,"pcap_cnt":251,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":60824,"proto":"UDP","dns":{"type":"answer","id":28034,"rcode":"SERVFAIL","rrname":"30.46.18.104.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:23.895733+0000","flow_id":1661708863253237,"pcap_cnt":252,"event_type":"dns","src_ip":"192.168.56.104","src_port":60824,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28034,"rrname":"30.46.18.104.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.895738+0000","flow_id":1398427368000983,"pcap_cnt":253,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":54955,"proto":"UDP","dns":{"type":"answer","id":41705,"rcode":"SERVFAIL","rrname":"64.50.18.104.in-addr.arpa"}}
{"timestamp":"2019-09-22T00:21:23.895888+0000","flow_id":1420129837755280,"pcap_cnt":254,"event_type":"dns","src_ip":"192.168.56.104","src_port":54955,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41705,"rrname":"64.50.18.104.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:23.971913+0000","flow_id":142553160864905,"pcap_cnt":285,"event_type":"dns","src_ip":"192.168.56.104","src_port":49407,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55438,"rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:24.028651+0000","flow_id":142553160864905,"pcap_cnt":313,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":49407,"proto":"UDP","dns":{"type":"answer","id":55438,"rcode":"NXDOMAIN","rrname":"f.f.1.4.e.f.c.1.0.e.d.3.1.0.0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-22T00:21:24.028651+0000","flow_id":142553160864905,"pcap_cnt":313,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":49407,"proto":"UDP","dns":{"type":"answer","id":55438,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3331}}
{"timestamp":"2019-09-22T00:21:24.185243+0000","flow_id":1708764525024155,"pcap_cnt":457,"event_type":"dns","src_ip":"192.168.56.104","src_port":49366,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23996,"rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-22T00:21:24.242817+0000","flow_id":1708764525024155,"pcap_cnt":501,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":49366,"proto":"UDP","dns":{"type":"answer","id":23996,"rcode":"NXDOMAIN","rrname":"7.f.3.e.d.b.2.7.0.1.0.0.b.7.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa"}}
{"timestamp":"2019-09-22T00:21:24.242817+0000","flow_id":1708764525024155,"pcap_cnt":501,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.104","dest_port":49366,"proto":"UDP","dns":{"type":"answer","id":23996,"rcode":"NXDOMAIN","rrname":"ip6.arpa","rrtype":"SOA","ttl":3330}}
{"timestamp":"2019-09-22T00:21:24.435377+0000","flow_id":2225745443368997,"pcap_cnt":509,"event_type":"http","src_ip":"192.168.56.104","src_port":49163,"dest_ip":"104.18.46.30","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.koa888.com","url":"\/L.l","http_user_agent":"Mozill
--------------------------------------------------------------------------
Date: 9/23/2019 -- 11:38:36. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2014306 1 3 6031424 5.15 2 0 5948230 3015712.00 0.00 3015712.00
2 2816910 1 2 636398 0.54 2 0 546192 318199.00 0.00 318199.00
3 2018981 1 4 570874 0.49 2 0 504912 285437.00 0.00 285437.00
4 2816327 1 4 545446 0.47 2 0 487032 272723.00 0.00 272723.00
5 2816929 1 4 524156 0.45 2 0 478342 262078.00 0.00 262078.00
6 2821561 1 2 516292 0.44 2 0 470346 258146.00 0.00 258146.00
7 2819664 1 2 4531960 3.87 25 0 341050 181278.40 0.00 181278.40
8 2819930 1 2 4523364 3.86 25 0 330964 180934.56 0.00 180934.56
9 2820158 1 2 5457536 4.66 24 0 318908 227397.33 0.00 227397.33
10 2820157 1 2 5272942 4.50 24 0 307304 219705.92 0.00 219705.92
11 2020865 1 3 2498094 2.13 16 0 251014 156130.88 0.00 156130.88
12 2804911 1 3 355526 0.30 4 0 183152 88881.50 0.00 88881.50
13 2804907 1 3 285758 0.24 3 0 153184 95252.67 0.00 95252.67
14 2805348 1 4 1448346 1.24 16 0 145960 90521.62 0.00 90521.62
15 2828122 1 2 186326 0.16 2 0 138354 93163.00 0.00 93163.00
16 2802987 1 5 405716 0.35 6 0 132060 67619.33 0.00 67619.33
17 2811826 1 7 125092 0.11 1 0 125092 125092.00 0.00 125092.00
18 2019881 1 3 174542 0.15 2 0 114250 87271.00 0.00 87271.00
19 2018010 1 5 164422 0.14 2 0 106560 82211.00 0.00 82211.00
20 2010143 1 3 1920500 1.64 266 0 106370 7219.92 0.00 7219.92
21 2816909 1 2 198200 0.17 2 0 105822 99100.00 0.00 99100.00
22 2018358 1 7 173814 0.15 2 0 103554 86907.00 0.00 86907.00
23 2018452 1 15 174392 0.15 2 0 102028 87196.00 0.00 87196.00
24 2018316 1 4 1108420 0.95 16 0 100220 69276.25 0.00 69276.25
25 2816940 1 2 199080 0.17 2 0 99908 99540.00 0.00 99540.00
26 2018666 1 4 968310 0.83 16 0 97912 60519.38 0.00 60519.38
27 2024771 1 1 2103998 1.80 202 0 96608 10415.83 0.00 10415.83
28 2020742 1 1 957362 0.82 16 0 95346 59835.12 0.00 59835.12
29 2804906 1 3 95092 0.08 1 0 95092 95092.00 0.00 95092.00
30 2816895 1 2 94640 0.08 1 0 94640 94640.00 0.00 94640.00
31 2016706 1 20 93852 0.08 1 0 93852 93852.00 0.00 93852.00
32 2816925 1 3 136174 0.12 2 0 90738 68087.00 0.00 68087.00
33 2828060 1 4 87964 0.08 1 0 87964 87964.00 0.00 87964.00
34 2017613 1 9 137340 0.12 2 0 87480 68670.00 0.00 68670.00
35 2016858 1 10 147968 0.13 2 0 87354 73984.00 0.00 73984.00
36 2016537 1 2 2461298 2.10 94 0 85428 26184.02 0.00 26184.02
37 2816927 1 3 129942 0.11 2 0 84602 64971.00 0.00 64971.00
38 2803657 1 5 146978 0.13 2 0 84440 73489.00 0.00 73489.00
39 2021418 1 9 84180 0.07 1 0 84180 84180.00 0.00 84180.00
40 2024178 1 2 84162 0.07 1 0 84162 84162.00 0.00 84162.00
41 2020741 1 1 931006 0.80 16 0 81804 58187.88 0.00 58187.88
42 2806132 1 3 81460 0.07 1 0 81460 81460.00 0.00 81460.00
43 2820851 1 5 141280 0.12 2 0 81258 70640.00 0.00 70640.00
44 2803027 1 6 288240 0.25 4 0 80406 72060.00 0.00 72060.00
45 2816356 1 2 126034 0.11 2 0 80006 63017.00 0.00 63017.00
46 2819785 1 2 79900 0.07 1 0 79900 79900.00 0.00 79900.00
47 2022609 1 2 78866 0.07 1 0 78866 78866.00 0.00 78866.00
48 2014703 1 9 1791946 1.53 112 0 77932 15999.52 0.00 15999.52
49 2816928 1 3 122698 0.10 2 0 77576 61349.00 0.00 61349.00
50 2021718 1 4 77572 0.07 1 0 77572 77572.00 0.00 77572.00
51 2009702 1 5 1258138 1.07 112 0 76560 11233.38 0.00 11233.38
52 2017036 1 3 76390 0.07 1 0 76390 76390.00 0.00 76390.00
53 2022552 1 2 551576 0.47 15 0 76008 36771.73 0.00 36771.73
54 2025064 1 5 147894 0.13 2 0 75832 73947.00 0.00 73947.00
55 2809850 1 2 823934 0.70 24 0 75822 34330.58 0.00 34330.58
56 2809363 1 3 75268 0.06 1 0 75268 75268.00 0.00 75268.00
57 2014701 1 12 2389254 2.04 112 0 74554 21332.62 0.00 21332.62
58 2815180 1 3 74458 0.06 1 0 74458 74458.00 0.00 74458.00
59 2812433 1 2 72580 0.06 1 0 72580 72580.00 0.00 72580.00
60 2816930 1 4 118788 0.10 2 0 72380 59394.00 0.00 59394.00
61 2816931 1 3 116590 0.10 2 0 72296 58295.00 0.00 58295.00
62 2017259 1 12 70786 0.06 1 0 70786 70786.00 0.00 70786.00
63 2014442 1 6 70536 0.06 1 0 70536 70536.00 0.00 70536.00
64 2021038 1 4 70430 0.06 1 0 70430 70430.00 0.00 70430.00
65 2807793 1 4 70348 0.06 1 0 70348 70348.00 0.00 70348.00
66 2816922 1 5 117460 0.10 2 0 69964 58730.00 0.00 58730.00
67 2806802 1 2 1765682 1.51 50 0 69906 35313.64 0.00 35313.64
68 2807970 1 8 69706 0.06 1 0 69706 69706.00 0.00 69706.00
69 2815817 1 5 125490 0.11 2 0 68080 62745.00 0.00 62745.00
70 2017948 1 2 67258 0.06 1 0 67258 67258.00 0.00 67258.00
71 2816525 1 10 131696 0.11 2 0 66578 65848.00 0.00 65848.00
72 2016948 1 2 781176 0.67 31 0 66150 25199.23 0.00 25199.23
73 2803760 1 3 1568314 1.34 55 0 65672 28514.80 0.00 28514.80
74 2821471 1 2 65320 0.06 1 0 65320 65320.00 0.00 65320.00
75 2017261 1 3 65312 0.06 1 0 65312 65312.00 0.00 65312.00
76 2017076 1 9 65030 0.06 1 0 65030 65030.00 0.00 65030.00
77 2020181 1 8 64970 0.06 1 0 64970 64970.00 0.00 64970.00
78 2017454 1 12 64084 0.05 1 0 64084 64084.00 0.00 64084.00
79 2815181 1 3 63764 0.05 1 0 63764 63764.00 0.00 63764.00
80 2816530 1 2 63622 0.05 1 0 63622 63622.00 0.00 63622.00
81 2017552 1 6 2412988 2.06 96 0 63292 25135.29 0.00 25135.29
82 2815220 1 2 63250 0.05 1 0 63250 63250.00 0.00 63250.00
83 2008782 1 5 63250 0.05 1 0 63250 63250.00 0.00 63250.00
84 2815182 1 3 62282 0.05 1 0 62282 62282.00 0.00 62282.00
85 2008086 1 5 62084 0.05 1 0 62084 62084.00 0.00 62084.00
86 2013667 1 3 61474 0.05 1 0 61474 61474.00 0.00 61474.00
87 2826281 1 2 1591336 1.36 55 0 60804 28933.38 0.00 28933.38
88 2010140 1 7 2645604 2.26 266 0 60736 9945.88 0.00 9945.88
89 2019344 1 5 119730 0.10 2 0 60306 59865.00 0.00 59865.00
90 2022545 1 1 493622 0.42 16 0 60106 30851.38 0.00 30851.38
91 2017269 1 2 60092 0.05 1 0 60092 60092.00 0.00 60092.00
92 2827641 1 2 59690 0.05 1 0 59690 59690.00 0.00 59690.00
93 2811905 1 3 59644 0.05 1 0 59644 59644.00 0.00 59644.00
94 2014702 1 9 1766088 1.51 112 0 59348 15768.64 0.00 15768.64
95 2022531 1 1 473314 0.40 16 0 59284 29582.12 0.00 29582.12
96 2811842 1 2 58978 0.05 1 0 58978 58978.00 0.00 58978.00
97 2805564 1 4 58878 0.05 1 0 58878 58878.00 0.00 58878.00
98 2018375 1 3 216768 0.19 8 0 58674 27096.00 0.00 27096.00
99 2815568 1 2 58284 0.05 1 0 58284 58284.00 0.00 58284.00
100 2021399 1 3 58114 0.05 1 0 58114 58114.00 0.00 58114.00
101 2020962 1 3 58036 0.05 1 0 58036 58036.00 0.00 58036.00
102 2018242 1 5 113688 0.10 2 0 57884 56844.00 0.00 56844.00
103 2804927 1 2 57826 0.05 1 0 57826 57826.00 0.00 57826.00
104 2815156 1 2 57784 0.05 1 0 57784 57784.00 0.00 57784.00
105 2008738 1 9 108314 0.09 2 2 57746 54157.00 54157.00 0.00
106 2016251 1 6 57532 0.05 1 0 57532 57532.00 0.00 57532.00
107 2022544 1 1 57402 0.05 1 0 57402 57402.00 0.00 57402.00
108 2018496 1 9 104310 0.09 2 0 57286 52155.00 0.00 52155.00
109 2810991 1 4 57226 0.05 1 0 57226 57226.00 0.00 57226.00
110 2017119 1 4 57204 0.05 1 0 57204 57204.00 0.00 57204.00
111 2017556 1 3 57170 0.05 1 0 57170 57170.00 0.00 57170.00
112 2021413 1 2 57130 0.05 1 0 57130 57130.00 0.00 57130.00
113 2809859 1 6 56826 0.05 1 0 56826 56826.00 0.00 56826.00
114 2816330 1 2 55982 0.05 1 0 55982 55982.00 0.00 55982.00
115 2018983 1 7 103330 0.09 2 0 55960 51665.00 0.00 51665.00
116 2824637 1 2 55920 0.05 1 0 55920 55920.00 0.00 55920.00
117 2014519 1 7 1106368 0.95 32 0 55750 34574.00 0.00 34574.00
118 2022502 1 4 91496 0.08 2 0 55456 45748.00 0.00 45748.00
119 2819887 1 2 55400 0.05 1 0 55400 55400.00 0.00 55400.00
120 2014380 1 4 82140 0.07 2 0 55394 41070.00 0.00 41070.00
121 2019378 1 12 55294 0.05 1 0 55294 55294.00 0.00 55294.00
122 2024829 1 2 755426 0.65 21 0 55238 35972.67 0.00 35972.67
123 2014473 1 5 572604 0.49 23 0 55072 24895.83 0.00 24895.83
124 2017456 1 3 55032 0.05 1 0 55032 55032.00 0.00 55032.00
125 2022901 1 2 5
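The rows above are Suricata 4.x rule profiling output (Num, Rule sid, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match). The following is an added example, not code from IDSDeathBlossom or Suricata: it parses rows of that shape, skips the truncated final row the dump ends with, cross-checks the Avg Ticks column against Ticks / Checks, and ranks the rules that were checked but never matched, which is the first list to review when tuning a ruleset against a traffic profile. The sample rows are copied from the table above; the function names are this example's own.

```python
"""Rank Suricata 4.x rule_perf.log rows by cost.

Added example, not part of the IDSDeathBlossom output above. The twelve-field
row layout is taken from the dump: Num, Rule (sid), Gid, Rev, Ticks, %, Checks,
Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match. Function names are
this example's own.
"""
from dataclasses import dataclass
from typing import List

# Rows copied from the profiling table above; the final row is the truncated
# one the dump ends with, which the parser must skip rather than misread.
SAMPLE_ROWS = """\
49 2816928 1 3 122698 0.10 2 0 77576 61349.00 0.00 61349.00
51 2009702 1 5 1258138 1.07 112 0 76560 11233.38 0.00 11233.38
57 2014701 1 12 2389254 2.04 112 0 74554 21332.62 0.00 21332.62
81 2017552 1 6 2412988 2.06 96 0 63292 25135.29 0.00 25135.29
88 2010140 1 7 2645604 2.26 266 0 60736 9945.88 0.00 9945.88
105 2008738 1 9 108314 0.09 2 2 57746 54157.00 54157.00 0.00
125 2022901 1 2 5
"""


@dataclass(frozen=True)
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    @property
    def match_rate(self) -> float:
        """Fraction of checks that matched (0.0 when the rule was never checked)."""
        return self.matches / self.checks if self.checks else 0.0

    @property
    def nomatch_ticks(self) -> float:
        """Ticks spent on checks that did not produce a match."""
        return self.avg_nomatch * (self.checks - self.matches)


def parse_rule_perf(text: str) -> List[RuleProfile]:
    """Parse profiling rows; header, separator and truncated rows are skipped."""
    rows: List[RuleProfile] = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 12 or not f[0].isdigit():
            continue
        try:
            rows.append(RuleProfile(
                int(f[0]), int(f[1]), int(f[2]), int(f[3]), int(f[4]), float(f[5]),
                int(f[6]), int(f[7]), int(f[8]), float(f[9]), float(f[10]), float(f[11])))
        except ValueError:
            continue  # a non-numeric column: not a data row
    return rows


def consistent(r: RuleProfile, tol: float = 0.01) -> bool:
    """Cross-check the derived Avg Ticks column against Ticks / Checks."""
    return r.checks > 0 and abs(r.ticks / r.checks - r.avg_ticks) <= tol


def top_never_matching(rows: List[RuleProfile], n: int) -> List[RuleProfile]:
    """Rules that were checked but never matched, costliest first.

    These consume detect-engine time on every flow that reaches them and
    produced no alert in this run. One run is not proof a rule is useless,
    so treat the list as a review queue, not a disable list.
    """
    never = [r for r in rows if r.checks and r.matches == 0]
    return sorted(never, key=lambda r: r.ticks, reverse=True)[:n]


def wasted_share(rows: List[RuleProfile]) -> float:
    """Fraction of all profiled ticks spent on checks that did not match."""
    total = sum(r.ticks for r in rows)
    return sum(r.nomatch_ticks for r in rows) / total if total else 0.0


if __name__ == "__main__":
    profiles = parse_rule_perf(SAMPLE_ROWS)
    for r in top_never_matching(profiles, 3):
        print(f"sid {r.sid} rev {r.rev}: {r.ticks} ticks over {r.checks} checks, "
              f"avg no-match {r.avg_nomatch:.0f}")
    print(f"{wasted_share(profiles):.1%} of ticks went to checks that did not match")
```

On the sample rows the ranking puts sid 2010140 first (266 checks, no match, 2.6M ticks) even though its per-check cost is the lowest of the set; sorting by Ticks rather than Avg Ticks is deliberate, since a rule checked twice at 61k ticks each (sid 2816928) costs far less overall than one checked 266 times at 10k.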
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a48e9c9657241ca05c8e1ccc2ceecdca56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1138-pcap.pcap -vvv -k none
elapsedtime:26.636237
stderr:
stdout:
23/9/2019 -- 11:38:09 - <Info> - Configuration node 'rule-files' redefined.
23/9/2019 -- 11:38:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/9/2019 -- 11:38:09 - <Info> - CPUs/cores online: 1
23/9/2019 -- 11:38:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33372 and 'request-body-inspect-window' set to 17137 after randomization.
23/9/2019 -- 11:38:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31542 and 'response-body-inspect-window' set to 15897 after randomization.
23/9/2019 -- 11:38:09 - <Config> - DNS request flood protection level: 500
23/9/2019 -- 11:38:09 - <Config> - DNS per flow memcap (state-memcap): 524288
23/9/2019 -- 11:38:09 - <Config> - DNS global memcap: 16777216
23/9/2019 -- 11:38:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/9/2019 -- 11:38:09 - <Config> - preallocated 1000 hosts of size 136
23/9/2019 -- 11:38:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/9/2019 -- 11:38:09 - <Config> - using magic-file /usr/share/file/magic
23/9/2019 -- 11:38:09 - <Config> - Core dump size is unlimited.
23/9/2019 -- 11:38:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/9/2019 -- 11:38:09 - <Config> - preallocated 1000 defrag trackers of size 168
23/9/2019 -- 11:38:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/9/2019 -- 11:38:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/9/2019 -- 11:38:09 - <Config> - stream "memcap": 33554432
23/9/2019 -- 11:38:09 - <Config> - stream "midstream" session pickups: disabled
23/9/2019 -- 11:38:09 - <Config> - stream "async-oneside": disabled
23/9/2019 -- 11:38:09 - <Config> - stream "checksum-validation": disabled
23/9/2019 -- 11:38:09 - <Config> - stream."inline": disabled
23/9/2019 -- 11:38:09 - <Config> - stream "bypass": disabled
23/9/2019 -- 11:38:09 - <Config> - stream "max-synack-queued": 5
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "toserver-chunk-size": 2600
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "toclient-chunk-size": 2454
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly.raw: enabled
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "segment-prealloc": 2048
23/9/2019 -- 11:38:09 - <Config> - Delayed detect disabled
23/9/2019 -- 11:38:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/9/2019 -- 11:38:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/9/2019 -- 11:38:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/9/2019 -- 11:38:09 - <Config> - prefilter engines: MPM
23/9/2019 -- 11:38:09 - <Config> - IP reputation disabled
23/9/2019 -- 11:38:09 - <Perf> - Registered 148 keyword profiling counters.
23/9/2019 -- 11:38:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/9/2019 -- 11:38:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/9/2019 -- 11:38:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 11:38:15 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/9/2019 -- 11:38:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/9/2019 -- 11:38:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/9/2019 -- 11:38:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/9/2019 -- 11:38:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/9/2019 -- 11:38:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/9/2019 -- 11:38:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/9/2019 -- 11:38:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/9/2019 -- 11:38:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/9/2019 -- 11:38:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 11:38:24 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 11:38:24 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/9/2019 -- 11:38:24 - <Info> - Threshold config parsed: 0 rule(s) found
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tcp-packet
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tcp-stream
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for udp-packet
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for other-ip
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_uri
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_client_body
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_accept
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_accept_enc
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_accept_lang
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_referer
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_connection
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_method
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_raw_uri
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_user_agent
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_host
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_raw_host
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_stat_msg
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_stat_code
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for dns_query
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tls_sni
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:38:24 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:38:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/9/2019 -- 11:38:25 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/9/2019 -- 11:38:25 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/9/2019 -- 11:38:25 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/9/2019 -- 11:38:25 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/9/2019 -- 11:38:25 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/9/2019 -- 11:38:25 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/9/2019 -- 11:38:25 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/9/2019 -- 11:38:31 - <Perf> - Unique rule groups: 104
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/9/2019 -- 11:38:31 - <Perf> - Builtin MPM "other IP packet": 3
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_header": 10
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_header": 6
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_start": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_method": 5
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver http_host": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toserver file_data": 1
23/9/2019 -- 11:38:31 - <Perf> - AppLayer MPM "toclient file_data": 7
23/9/2019 -- 11:38:34 - <Perf> - Registered 39590 rule profiling counters.
23/9/2019 -- 11:38:34 - <Info> - fast output device (regular) initialized: alert
23/9/2019 -- 11:38:34 - <Info> - eve-log output device (regular) initialized: eve.json
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'alert'
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'http'
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'dns'
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'tls'
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'files'
23/9/2019 -- 11:38:34 - <Config> - enabling 'eve-log' module 'ssh'
23/9/2019 -- 11:38:34 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/9/2019 -- 11:38:34 - <Info> - stats output device (regular) initialized: stats.log
23/9/2019 -- 11:38:34 - <Config> - AutoFP mode using "Hash" flow load balancer
23/9/2019 -- 11:38:34 - <Info> - reading pcap file /var/pcap/09232019.1138-pcap.pcap
23/9/2019 -- 11:38:34 - <Config> - using 1 flow manager threads
23/9/2019 -- 11:38:34 - <Config> - us
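The startup log above records the settings that decide how much of a replayed pcap Suricata actually inspects: checksum validation is off (matching -k none on the command line), midstream session pickup is disabled, and stream reassembly depth is 0 (no per-flow cap). The following is an added example, not part of IDSDeathBlossom or Suricata: it parses the '<Level> - message' lines, extracts version, rule load result, rule files that contributed nothing, the -k flag and the stream settings, and emits the coverage caveats a reviewer of a ruleset regression run would want flagged. The sample lines are copied from the log above; the regexes and warning texts are this example's own.

```python
"""Summarize a Suricata 4.x startup log from an offline pcap run.

Added example; it is not part of IDSDeathBlossom or of Suricata. It reads the
'<Level> - message' lines shown above and extracts what a reviewer of a
ruleset regression run checks first: version, rule load result, rule files
that contributed nothing, the -k checksum flag, and the stream-engine settings
that decide how much of a replayed pcap is actually inspected. The warning
texts are this example's own wording.
"""
import re
from typing import Dict, List, Optional

# A subset of the Suricata stdout above, copied line for line.
SAMPLE_STDOUT = """\
23/9/2019 -- 11:38:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/9/2019 -- 11:38:09 - <Info> - CPUs/cores online: 1
23/9/2019 -- 11:38:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/9/2019 -- 11:38:09 - <Config> - stream "memcap": 33554432
23/9/2019 -- 11:38:09 - <Config> - stream "midstream" session pickups: disabled
23/9/2019 -- 11:38:09 - <Config> - stream "async-oneside": disabled
23/9/2019 -- 11:38:09 - <Config> - stream "checksum-validation": disabled
23/9/2019 -- 11:38:09 - <Config> - stream "bypass": disabled
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 11:38:09 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 11:38:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 11:38:15 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 11:38:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 11:38:24 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 11:38:24 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/9/2019 -- 11:38:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
"""
SAMPLE_CMD = ("/opt/suricata400/bin/suricata -c suricata400-etpro-all.yaml "
              "-r /var/pcap/09232019.1138-pcap.pcap -vvv -k none")

LINE_RE = re.compile(r"<(?P<level>\w+)> - (?P<msg>.*)$")
VERSION_RE = re.compile(r"This is Suricata version (\S+)")
RULES_RE = re.compile(r"(\d+) rule files processed\. (\d+) rules successfully loaded, (\d+) rules failed")
EMPTY_RE = re.compile(r"No rules loaded from (\S+)\.$")
# Matches both  stream "memcap": N  and  stream.reassembly "depth": N ;
# the optional 'session pickups' covers the midstream line.
STREAM_RE = re.compile(r'stream(?P<sub>\.reassembly)? "(?P<key>[\w-]+)"(?: session pickups)?: (?P<val>\S+)')
KFLAG_RE = re.compile(r"(?:^|\s)-k\s+(\S+)")


def summarize(stdout: str, cmdline: str) -> Dict[str, object]:
    version: Optional[str] = None
    rule_files = rules_loaded = rules_failed = 0
    empty_files: List[str] = []
    stream: Dict[str, str] = {}
    for line in stdout.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if (v := VERSION_RE.search(msg)):
            version = v.group(1)
        elif (v := RULES_RE.search(msg)):
            rule_files, rules_loaded, rules_failed = (int(x) for x in v.groups())
        elif (v := EMPTY_RE.search(msg)):
            empty_files.append(v.group(1))
        elif (v := STREAM_RE.search(msg)):
            stream[("reassembly." if v.group("sub") else "") + v.group("key")] = v.group("val")

    k = KFLAG_RE.search(cmdline)
    checksum_flag = k.group(1) if k else None

    warnings: List[str] = []
    if rules_failed:
        warnings.append(f"{rules_failed} rules failed to load; the run does not exercise the full ruleset")
    if stream.get("midstream") == "disabled":
        warnings.append("midstream pickups disabled: TCP flows whose handshake is missing from the "
                        "pcap are not tracked, so their payload is never inspected")
    if stream.get("reassembly.depth") == "0":
        warnings.append("reassembly depth 0: streams are reassembled without a per-flow byte cap")
    if checksum_flag != "none" and stream.get("checksum-validation") == "enabled":
        warnings.append("checksum validation enabled: packets with bad checksums (common in "
                        "captures taken on hosts with NIC offloading) are rejected by the stream engine")
    return {"version": version, "rule_files": rule_files, "rules_loaded": rules_loaded,
            "rules_failed": rules_failed, "empty_rule_files": empty_files,
            "checksum_flag": checksum_flag, "stream": stream, "warnings": warnings}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_STDOUT, SAMPLE_CMD), indent=2))
```

The midstream warning is the one that most often explains "missing" alerts in a pcap regression: a capture started after the three-way handshake leaves those flows untracked with this setting, regardless of how many rules loaded.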
--------------------------------------------------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:38:36
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 5228172 964 964 43884 5423.00 5423.00 0.00
content 27611864 1517 820 5884304 18201.00 24630.00 10638.00
pcre 2092168 219 17 48816 9553.00 11110.00 9422.00
byte_test 3351576 597 358 55104 5614.00 5729.00 5440.00
byte_jump 102756 16 16 25466 6422.00 6422.00 0.00
isdataat 199578 38 0 7262 5252.00 0.00 5252.00
flowbits 1434252 279 5 25140 5140.00 8315.00 5082.00
urilen 816610 63 26 433120 12962.00 7331.00 16919.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 5228172 964 964 43884 5423.00 5423.00 0.00
flowbits 1411548 277 3 25140 5095.00 6291.00 5082.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 5561490 806 521 119548 6900.00 6722.00 7225.00
pcre 567798 60 4 48816 9463.00 8060.00 9563.00
byte_test 3351576 597 358 55104 5614.00 5729.00 5440.00
byte_jump 102756 16 16 25466 6422.00 6422.00 0.00
isdataat 199578 38 0 7262 5252.00 0.00 5252.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 22704 2 2 15564 11352.00 11352.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 514144 76 53 24154 6765.00 6266.00 7914.00
pcre 710758 45 3 44920 15794.00 12298.00 16044.00
urilen 816610 63 26 433120 12962.00 7331.00 16919.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_client_body
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 44422 7 4 7022 6346.00 6289.00 6422.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 11620 2 0 5904 5810.00 0.00 5810.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: file_data
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 13426942 440 126 157304 30515.00 69677.00 14801.00
pcre 558354 96 0 22846 5816.00 0.00 5816.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 7526618 120 74 5884304 62721.00 97428.00 6889.00
pcre 217804 14 6 42024 15557.00 13715.00 16939.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 52818 8 1 8064 6602.00 7390.00 6489.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_content_type
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 18566 3 3 6550 6188.00 6188.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 85430 12 10 18960 7119.00 5979.00 12820.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_user_agent
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 352146 40 27 72830 8803.00 9477.00 7403.00
pcre 37454 4 4 14880 9363.00 9363.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_stat_code
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 17668 3 1 6496 5889.00 6496.00 5586.00
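The keyword profile above is split into one 'Stats for:' block per inspection buffer, each row giving Ticks, Checks, Matches, Max Ticks, Avg, Avg Match and Avg No Match for a keyword. The 'total' block's content row carries the same Max Ticks (5884304) as the http_header block, so the single most expensive content check in this run ran against an http_header buffer and accounts for most of that buffer's ticks. The following is an added example, not code from IDSDeathBlossom or Suricata: it parses blocks of that shape, verifies each row's arithmetic, and reports the buffer/keyword pairs where one check dominated the total. The sample is a subset of the profile above; the function names are this example's own.

```python
"""Parse Suricata 4.x keyword_perf.log sections and locate the costliest checks.

Added example, not part of the IDSDeathBlossom output above. Each 'Stats for:'
block is one inspection buffer; every row is keyword, Ticks, Checks, Matches,
Max Ticks, Avg, Avg Match, Avg No Match, as in the dump. Function names are
this example's own.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A subset of the keyword profile above, copied verbatim.
SAMPLE = """\
--------------------------------------------------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:38:36
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 5228172 964 964 43884 5423.00 5423.00 0.00
content 27611864 1517 820 5884304 18201.00 24630.00 10638.00
pcre 2092168 219 17 48816 9553.00 11110.00 9422.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
content 514144 76 53 24154 6765.00 6266.00 7914.00
pcre 710758 45 3 44920 15794.00 12298.00 16044.00
urilen 816610 63 26 433120 12962.00 7331.00 16919.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
content 7526618 120 74 5884304 62721.00 97428.00 6889.00
pcre 217804 14 6 42024 15557.00 13715.00 16939.00
"""


@dataclass(frozen=True)
class KeywordStat:
    buffer: str
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_nomatch: float

    @property
    def max_share(self) -> float:
        """Share of this row's ticks consumed by its single most expensive check."""
        return self.max_ticks / self.ticks if self.ticks else 0.0

    def consistent(self, rel_tol: float = 1e-3) -> bool:
        """Ticks should equal matches*avg_match + (checks-matches)*avg_nomatch up to rounding."""
        est = self.matches * self.avg_match + (self.checks - self.matches) * self.avg_nomatch
        return self.ticks > 0 and abs(est - self.ticks) / self.ticks <= rel_tol


Profile = Dict[str, Dict[str, KeywordStat]]


def parse_keyword_perf(text: str) -> Profile:
    """Return {buffer: {keyword: KeywordStat}}; header, separator and date lines are skipped."""
    profile: Profile = {}
    buffer: Optional[str] = None
    for line in text.splitlines():
        if line.startswith("Stats for:"):
            buffer = line.split(":", 1)[1].strip()
            profile[buffer] = {}
            continue
        f = line.split()
        if buffer is None or len(f) != 8 or not f[1].isdigit():
            continue  # the dashed separator also has 8 fields, but field 1 is not a number
        profile[buffer][f[0]] = KeywordStat(buffer, f[0], int(f[1]), int(f[2]), int(f[3]),
                                            int(f[4]), float(f[5]), float(f[6]), float(f[7]))
    return profile


def costliest_single_check(profile: Profile) -> Tuple[str, str, int]:
    """Buffer/keyword whose worst single check took the most ticks ('total' repeats the buffers, so it is excluded)."""
    rows = [r for b, kws in profile.items() if b != "total" for r in kws.values()]
    worst = max(rows, key=lambda r: r.max_ticks)
    return worst.buffer, worst.keyword, worst.max_ticks


def hotspots(profile: Profile, share: float = 0.5) -> List[KeywordStat]:
    """Rows where one check took at least `share` of the row's ticks: a single outsized buffer, not steady cost."""
    return [r for b, kws in profile.items() if b != "total"
            for r in kws.values() if r.max_share >= share]


if __name__ == "__main__":
    prof = parse_keyword_perf(SAMPLE)
    print("worst single check:", costliest_single_check(prof))
    for r in hotspots(prof):
        print(f"{r.buffer}/{r.keyword}: max {r.max_ticks} of {r.ticks} ticks ({r.max_share:.0%})")
```

On the sample, the http_header content row's worst check is 78% of that row's ticks, and http_uri urilen shows the same pattern at 53%; a per-keyword average alone (62721 for http_header content) hides that the cost came from one request, which is the kind of input worth pulling out of the pcap and re-running on its own.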
2019-09-23 11:38:08,822 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-23 11:38:09,671 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-23 11:38:09,671 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-23 11:38:09,672 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-23 11:38:09,672 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-23 11:38:09,672 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/a48e9c9657241ca05c8e1ccc2ceecdca56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1138-pcap.pcap -vvv -k none
2019-09-23 11:38:36,311 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-23 11:38:36,311 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.4992408752