Filename: pcap (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.5879900455 seconds
Hash: b94a195bf14a73e095a37a1b58a513f6
Uploaded: 1554123870

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-04-01-T-13-04-54-04012019.1304-pcap_1.pcap.txt - (19925 bytes)
  --------------------------------------------------------------------------
  Date: 4/1/2019 -- 13:04:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2013739      1        15       19576314     6.30   136      0        19215863    143943.49   0.00        143943.49  
  2        2018342      1        2        22046644     7.10   57       0        9422202     386783.23   0.00        386783.23  
  3        2819940      1        3        5204102      1.68   28       0        755193      185860.79   0.00        185860.79  
  4        2816510      1        3        5227094      1.68   28       0        741775      186681.93   0.00        186681.93  
  5        2828748      1        2        2716453      0.87   833      0        380932      3261.05     0.00        3261.05    
  6        2815453      1        4        1129395      0.36   4        0        306932      282348.75   0.00        282348.75  
  7        2016537      1        2        35607232     11.46  681      587      149886      52286.68    57999.48    16612.09   
  8        2811447      1        2        22522401     7.25   593      0        136123      37980.44    0.00        37980.44   
  9        2811745      1        4        490427       0.16   5        0        127700      98085.40    0.00        98085.40   
  10       2814475      1        4        26029468     8.38   587      0        117908      44343.22    0.00        44343.22   
  11       2016706      1        20       139605       0.04   2        0        117134      69802.50    0.00        69802.50   
  12       2830036      1        1        18699768     6.02   586      0        115755      31910.87    0.00        31910.87   
  13       2805348      1        4        2462893      0.79   52       0        114827      47363.33    0.00        47363.33   
  14       2826256      1        2        25170782     8.10   587      0        104152      42880.38    0.00        42880.38   
  15       2816165      1        5        21698928     6.99   587      0        101431      36965.81    0.00        36965.81   
  16       2025100      1        1        15151813     4.88   587      0        98016       25812.29    0.00        25812.29   
  17       2023083      1        2        15773387     5.08   587      0        97532       26871.19    0.00        26871.19   
  18       2814573      1        5        18938625     6.10   587      0        88555       32263.42    0.00        32263.42   
  19       2012707      1        5        11998963     3.86   587      0        83016       20441.16    0.00        20441.16   
  20       2815568      1        2        143535       0.05   2        0        80669       71767.50    0.00        71767.50   
  21       2024135      1        2        113729       0.04   2        0        80549       56864.50    0.00        56864.50   
  22       2821615      1        2        72584        0.02   1        0        72584       72584.00    0.00        72584.00   
  23       2021418      1        9        102651       0.03   2        0        69876       51325.50    0.00        51325.50   
  24       2010143      1        3        656339       0.21   160      0        69546       4102.12     0.00        4102.12    
  25       2017552      1        6        13040761     4.20   681      0        66580       19149.43    0.00        19149.43   
  26       2809363      1        3        127049       0.04   2        0        64342       63524.50    0.00        63524.50   
  27       2023626      1        3        463194       0.15   142      0        61274       3261.93     0.00        3261.93    
  28       2024136      1        2        94865        0.03   2        0        60943       47432.50    0.00        47432.50   
  29       2821471      1        2        94569        0.03   2        0        54689       47284.50    0.00        47284.50   
  30       2021413      1        2        95516        0.03   2        0        51666       47758.00    0.00        47758.00   
  31       2019094      1        5        90092        0.03   2        0        51516       45046.00    0.00        45046.00   
  32       2014702      1        9        270004       0.09   24       0        50683       11250.17    0.00        11250.17   
  33       2828986      1        2        79852        0.03   2        0        49603       39926.00    0.00        39926.00   
  34       2022901      1        2        89902        0.03   2        0        48101       44951.00    0.00        44951.00   
  35       2024139      1        2        78152        0.03   2        0        45821       39076.00    0.00        39076.00   
  36       2830124      1        1        45806        0.01   1        0        45806       45806.00    0.00        45806.00   
  37       2019016      1        3        182634       0.06   52       0        45523       3512.19     0.00        3512.19    
  38       2823858      1        3        86173        0.03   2        0        44774       43086.50    0.00        43086.50   
  39       2020181      1        8        72707        0.02   2        0        44137       36353.50    0.00        36353.50   
  40       2810800      1        5        1662658      0.54   587      0        42635       2832.47     0.00        2832.47    
  41       2807970      1        8        77912        0.03   2        0        42450       38956.00    0.00        38956.00   
  42       2024771      1        1        1695183      0.55   587      0        38788       2887.88     0.00        2887.88    
  43       2024133      1        2        70775        0.02   2        0        35563       35387.50    0.00        35387.50   
  44       2830035      1        2        35372        0.01   1        0        35372       35372.00    0.00        35372.00   
  45       2807793      1        4        63683        0.02   2        0        35261       31841.50    0.00        31841.50   
  46       2816382      1        1        1664051      0.54   588      0        35157       2830.02     0.00        2830.02    
  47       2024138      1        2        69431        0.02   2        0        34895       34715.50    0.00        34715.50   
  48       2024134      1        2        68834        0.02   2        0        34889       34417.00    0.00        34417.00   
  49       2024142      1        2        68025        0.02   2        0        34447       34012.50    0.00        34012.50   
  50       2009702      1        5        321893       0.10   24       0        34263       13412.21    0.00        13412.21   
  51       2024141      1        2        67768        0.02   2        0        34023       33884.00    0.00        33884.00   
  52       2024140      1        2        67701        0.02   2        0        33994       33850.50    0.00        33850.50   
  53       2829607      1        1        33708        0.01   1        0        33708       33708.00    0.00        33708.00   
  54       2024137      1        2        66119        0.02   2        0        33507       33059.50    0.00        33059.50   
  55       2809267      1        8        32956        0.01   1        0        32956       32956.00    0.00        32956.00   
  56       2010140      1        7        714973       0.23   160      0        32850       4468.58     0.00        4468.58    
  57       2809850      1        2        135780       0.04   6        0        32788       22630.00    0.00        22630.00   
  58       2008120      1        4        469406       0.15   160      0        32741       2933.79     0.00        2933.79    
  59       2816365      1        3        63892        0.02   2        0        32408       31946.00    0.00        31946.00   
  60       2821569      1        7        59941        0.02   2        0        32250       29970.50    0.00        29970.50   
  61       2016323      1        1        66794        0.02   12       0        31979       5566.17     0.00        5566.17    
  62       2015877      1        6        60370        0.02   2        0        30362       30185.00    0.00        30185.00   
  63       2812433      1        2        56913        0.02   2        0        29511       28456.50    0.00        28456.50   
  64       2829848      1        2        58291        0.02   2        0        29196       29145.50    0.00        29145.50   
  65       2809511      1        4        57645        0.02   2        0        29142       28822.50    0.00        28822.50   
  66       2017261      1        3        57213        0.02   2        0        29054       28606.50    0.00        28606.50   
  67       2810793      1        5        1604105      0.52   587      0        28976       2732.72     0.00        2732.72    
  68       2829644      1        1        28916        0.01   1        0        28916       28916.00    0.00        28916.00   
  69       2803760      1        3        206009       0.07   12       0        28729       17167.42    0.00        17167.42   
  70       2017948      1        2        55680        0.02   2        0        27984       27840.00    0.00        27840.00   
  71       2025162      1        2        27859        0.01   1        0        27859       27859.00    0.00        27859.00   
  72       2023620      1        3        345341       0.11   120      0        26963       2877.84     0.00        2877.84    
  73       2816899      1        2        45020        0.01   2        0        24314       22510.00    0.00        22510.00   
  74       2014701      1        12       282333       0.09   24       0        23804       11763.88    0.00        11763.88   
  75       2828877      1        1        2316316      0.75   833      0        21751       2780.69     0.00        2780.69    
  76       2828876      1        1        1667958      0.54   605      0        21591       2756.96     0.00        2756.96    
  77       2014967      1        3        42319        0.01   2        0        21338       21159.50    0.00        21159.50   
  78       2016809      1        5        41956        0.01   2        0        21045       20978.00    0.00        20978.00   
  79       2024606      1        2        41731        0.01   2        0        20979       20865.50    0.00        20865.50   
  80       2023623      1        3        305159       0.10   108      0        20470       2825.55     0.00        2825.55    
  81       2025104      1        2        20432        0.01   1        1        20432       20432.00    20432.00    0.00       
  82       2008420      1        4        1725555      0.56   605      0        18799       2852.16     0.00        2852.16    
  83       2804586      1        2        1607113      0.52   587      0        18587       2737.84     0.00        2737.84    
  84       2023614      1        3        142651       0.05   46       0        17934       3101.11     0.00        3101.11    
  85       2826281      1        2        186741       0.06   12       0        17629       15561.75    0.00        15561.75   
  86       2023617      1        3        91537        0.03   28       0        17592       3269.18     0.00        3269.18    
  87       2018764      1        4        33623        0.01   2        0        17107       16811.50    0.00        16811.50   
  88       2815660      1        4        31100        0.01   2        0        16284       15550.00    0.00        15550.00   
  89       2023622      1        3        472685       0.15   172      0        15956       2748.17     0.00        2748.17    
  90       2022543      1        1        15879        0.01   1        0        15879       15879.00    0.00        15879.00   
  91       2802822      1        1        200002       0.06   64       0        15770       3125.03     0.00        3125.03    
  92       2014703      1        9        204842       0.07   24       0        15647       8535.08     0.00        8535.08    
  93       2008117      1        3        196199       0.06   64       0        15634       3065.61     0.00        3065.61    
  94       2024513      1        5        29822        0.01   2        0        15035       14911.00    0.00        14911.00   
  95       2819882      1        2        29617        0.01   2        0        14908       14808.50    0.00        14808.50   
  96       2823937      1        13       29146        0.01   2        0        14665       14573.00    0.00        14573.00   
  97       2022914      1        1        56265        0.02   6        0        13061       9377.50     0.00        9377.50    
  98       2805211      1        1        51378        0.02   6        0        9821        8563.00     0.00        8563.00    
  99       2009243      1        2        189652       0.06   68       0        4852        2789.00     0.00        2789.00    
  100      2008116      1        4        152277       0.05   52       0        4562        2928.40     0.00        2928.40    
  101      2023627      1        3        368781       0.12   134      0        4325        2752.10     0.00        2752.10    
  102      2823788      1        4        40934        0.01   12       0        4313        3411.17     0.00        3411.17    
  103      2805442      1        2        15238        0.00   4        0        4200        3809.50     0.00        3809.50    
  104      2828060      1        4        7810         0.00   2        0        4154        3905.00     0.00        3905.00    
  105      2003068      1        7        23892        0.01   7        0        4091        3413.14     0.00        3413.14    
  106      2802081      1        1        71247        0.02   22       0        4069        3238.50     0.00        3238.50    
  107      2806561      1        5        25179        0.01   7        0        4066        3597.00     0.00        3597.00    
  108      2010939      1        3        24758        0.01   7        0        4045        3536.86     0.00        3536.86    
  109      2010142      1        4        425473       0.14   160      0        3998        2659.21     0.00        2659.21    
  110      2013075      1        8        33591        0.01   12       0        3951        2799.25     0.00        2799.25    
  111      2802205      1        3        146811       0.05   52       0        3913        2823.29     0.00        2823.29    
  112      2013506      1        1        24292        0.01   7        0        3881        3470.29     0.00        3470.29    
  113      2021585      1        3        14064        0.00   4        0        3870        3516.00     0.00        3516.00    
  114      2023624      1        3        349237       0.11   132      0        3796        2645.73     0.00        2645.73    
  115      2023612      1        4        89703        0.03   32       0        3792        2803.22     0.00        2803.22    
  116      2102523      1        8        40660        0.01   14       0        3765        2904.29     0.00        2904.29    
  117      2001580      1        15       22229        0.01   7        0        3723        3175.57     0.00        3175.57    
  118      2016363      1        2        34696        0.01   12       0        3722        2891.33     0.00        2891.33    
  119      2002911      1        6        23803        0.01   7        0        3715        3400.43     0.00        3400.43    
  120      2008118      1        3        187155       0.06   68       0        3695        2752.28     0.00        2752.28    
  121      2811402      1        2        7222         0.00   2        0        3663        3611.00     0.00        3611.00    
  122      2025200      1        1        75228        0.02   24       0        3639        3134.50     0.00        3134.50    
  123      2023613      1        3        81160        0.03   30       0        3632        2705.33     0.00        2705.33    
  124      2100518      1        8        143243       0.05   52       0        3625        2754.67     0.00        2754.67    
  125      2100540      1        12       12

This file has been truncated.


packet_stats.log - (14099 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            14          4645454      498569405     147116739          2.1b    0.32
 IPv4       6          1562           960189      739893090     393684432        614.9b   95.75
 IPv4      17           172          5122500      585262076     146617935         25.2b    3.93
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            14            89603         136639        102636          1.4m    0.17
TMM_FLOWWORKER              IPv4       6          1562            67526        9743202        460112        718.7m   84.32
TMM_FLOWWORKER              IPv4      17           172           118765       19394187        502429         86.4m   10.14
TMM_RECEIVEPCAPFILE         IPv4       2            14             2568           3365          2813         39.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1560             2553       19346530         19101         29.8m    3.50
TMM_RECEIVEPCAPFILE         IPv4      17           172             2549           3706          2898        498.5k    0.06
TMM_DECODEPCAPFILE          IPv4       2            14             2675          10323          3449         48.3k    0.01
TMM_DECODEPCAPFILE          IPv4       6          1560             2656       10217922          9550         14.9m    1.75
TMM_DECODEPCAPFILE          IPv4      17           172             2674          18758          2965        510.0k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          1560             2836          44693          3547          5.5m  0.78  
flow                    IPv4      17           172             2667          26783          3655        628.7k  0.09  
stream                  IPv4       6          1562             2964         395980         24338         38.0m  5.34  
app-layer               IPv4      17           172             2529          48847          5719        983.7k  0.14  
detect                  IPv4       2            14            84090         126720         94728          1.3m  0.19  
detect                  IPv4       6          1562            44916        9708041        378148        590.7m  83.04 
detect                  IPv4      17           172           102313       19366748        398938         68.6m  9.65  
tcp-prune               IPv4       6          1562             2566         378576          3538          5.5m  0.78  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             7             3876          45412         15660        109.6k  34.49 
http                    IPv4      17             1            22557          22557         22557         22.6k  7.10  
dns                     IPv4      17            25             4017          20233          7425        185.6k  58.41 
Proto detect            IPv4      17            25             3150          28063          8794        219.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             1           113504         113504        113504        113.5k  0.18  
LOGGER_UNIFIED2             IPv4      17             1           114789         114789        114789        114.8k  0.18  
LOGGER_JSON_ALERT           IPv4      17             1           132559         132559        132559        132.6k  0.20  
LOGGER_JSON_DNS             IPv4      17            24            28299       12215981        571345         13.7m  21.19 
LOGGER_JSON_HTTP            IPv4       6           587            27214         145108         36112         21.2m  32.76 
LOGGER_JSON_FILE            IPv4       6           585            39274         160416         50320         29.4m  45.49 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          1445             2602          92448          7984        11.5m  12.07 
payload                           IPv4      17           172             3165          71353         13684         2.4m  2.46  
stream                            IPv4       6          1445             2549         446157          8845        12.8m  13.37 
http_uri                          IPv4       6           587             3118          40197          4223         2.5m  2.59  
http_request_line                 IPv4       6           587             2941          28453          3547         2.1m  2.18  
http_client_body                  IPv4       6           587             2652          38897          3026         1.8m  1.86  
http_header (request)             IPv4       6           587             3469          30943          4927         2.9m  3.03  
http_header (request trailer)     IPv4       6           587             2558          42085          2965         1.7m  1.82  
http_header_names (request)       IPv4       6           587             3124          33653          3954         2.3m  2.43  
http_accept (request)             IPv4       6           587             2671          64844          3187         1.9m  1.96  
http_referer (request)            IPv4       6           587             2615          20474          2817         1.7m  1.73  
http_content_len (request)        IPv4       6           587             2623          20115          2849         1.7m  1.75  
http_content_type (request)       IPv4       6           587             2635          51225          3093         1.8m  1.90  
http_protocol (request)           IPv4       6           587             2751          60385          3373         2.0m  2.07  
http_start (request)              IPv4       6           587             3365          44655          4203         2.5m  2.58  
http_raw_header (request)         IPv4       6           587             5575          34472          6336         3.7m  3.89  
http_method                       IPv4       6           587             2737          43590          3241         1.9m  1.99  
http_cookie (request)             IPv4       6           587             2620          35204          2997         1.8m  1.84  
http_raw_uri                      IPv4       6           587             2777          36147          3305         1.9m  2.03  
http_user_agent                   IPv4       6           587             2628          18638          2863         1.7m  1.76  
http_host                         IPv4       6           587             2855         244376          3787         2.2m  2.33  
dns_query                         IPv4      17            12             5813          29125         11883       142.6k  0.15  
http_response_line                IPv4       6           587             2976          29270          3895         2.3m  2.39  
http_header (response)            IPv4       6           587             5323          42816          7237         4.2m  4.44  
http_header (response trailer)    IPv4       6           587             2566          29240          2846         1.7m  1.75  
http_content_type (response)      IPv4       6           587             2864          19555          3247         1.9m  1.99  
http_raw_header (response)        IPv4       6           830             3769         107000          7256         6.0m  6.30  
http_cookie (response)            IPv4       6           587             2777          64886          3392         2.0m  2.08  
http_stat_code                    IPv4       6           587             2643          70191          3055         1.8m  1.88  
file_data (http response)         IPv4       6           243             2599         779772         44872        10.9m  11.40 
Total                             IPv4                 18235                                          5243        95.6m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            14            36613          74002         43389        607.5k  0.07  
PROF_DETECT_IPONLY          IPv4       6            14            14159          94562         47832        669.6k  0.07  
PROF_DETECT_IPONLY          IPv4      17            33            37162         445225         60959          2.0m  0.22  
PROF_DETECT_RULES           IPv4       2            14             2538           2888          2591         36.3k  0.00  
PROF_DETECT_RULES           IPv4       6          1562             2556        9439258        205229        320.6m  34.34 
PROF_DETECT_RULES           IPv4      17           172            44321       19298465        251956         43.3m  4.64  
PROF_DETECT_STATEFUL_START    IPv4       6          1325             5127        9411429        123919        164.2m  17.59 
PROF_DETECT_STATEFUL_START    IPv4      17             1            13143          13143         13143         13.1k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2529           2923          2598         36.4k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1562             2549          66944          6555         10.2m  1.10  
PROF_DETECT_STATEFUL_CONT    IPv4      17           172             2522          49368          3650        627.9k  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          1534             2567          36615          2829          4.3m  0.46  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            24             2608           3830          2963         71.1k  0.01  
PROF_DETECT_PREFILTER       IPv4       2            14             7861          22771          9893        138.5k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          1562             7924        1187135        120308        187.9m  20.13 
PROF_DETECT_PREFILTER       IPv4      17           172            23960          99981         38689          6.7m  0.71  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1445            14431         466601         25341         36.6m  3.92  
PROF_DETECT_PF_PAYLOAD      IPv4      17           172             8224          77339         19120          3.3m  0.35  
PROF_DETECT_PF_TX           IPv4       6          1534             2571        1146030         78117        119.8m  12.84 
PROF_DETECT_PF_TX           IPv4      17            12            11100          34845         18955        227.5k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          1445             2531          87071          3251          4.7m  0.50  
PROF_DETECT_PF_SORT1        IPv4      17           172             2587          19176          3700        636.4k  0.07  
PROF_DETECT_PF_SORT2        IPv4       2            14             2524           2884          2636         36.9k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1562             2545          67154          2977          4.7m  0.50  
PROF_DETECT_PF_SORT2        IPv4      17           172             2558           5150          2907        500.1k  0.05  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2732           2899          2787         39.0k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1562             2570          61856          2994          4.7m  0.50  
PROF_DETECT_NONMPMLIST      IPv4      17           172             2530          25077          3048        524.3k  0.06  
PROF_DETECT_ALERT           IPv4       2            14             2543           3379          2621         36.7k  0.00  
PROF_DETECT_ALERT           IPv4       6          1562             2530          40017          2963          4.6m  0.50  
PROF_DETECT_ALERT           IPv4      17           172             2530          30163          2852        490.7k  0.05  
PROF_DETECT_CLEANUP         IPv4       2            14             2522           2668          2558         35.8k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1562             2579          68647          3151          4.9m  0.53  
PROF_DETECT_CLEANUP         IPv4      17           172             2525          41456          3097        532.8k  0.06  
PROF_DETECT_GETSGH          IPv4       2            14             2605           3129          2828         39.6k  0.00  
PROF_DETECT_GETSGH          IPv4       6          1562             2523          55239          3128          4.9m  0.52  
PROF_DETECT_GETSGH          IPv4      17           172             2531          41391          4184        719.7k  0.08  


suricata-4.0.0-etpro-all-alert-2019-04-01-T-13-04-54-04012019.1304-pcap_1.pcap.txt - (198 bytes) - download
03/10/2019-09:33:04.590457  [**] [1:2025104:2] ET INFO DNS Query for Suspicious .gq Domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.102:53078 -> 192.168.56.1:53


suricata-report-2019-04-01-T-13-04-54-04012019.1304-pcap_1.pcap.txt - (17542 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b94a195bf14a73e095a37a1b58a513f656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04012019.1304-pcap_1.pcap -vvv -k none
elapsedtime:22.625751
stderr:
stdout:
1/4/2019 -- 13:04:31 - <Info> - Configuration node 'rule-files' redefined.
1/4/2019 -- 13:04:31 - <Notice> - This is Suricata version 4.0.0 RELEASE
1/4/2019 -- 13:04:31 - <Info> - CPUs/cores online: 1
1/4/2019 -- 13:04:31 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31502 and 'request-body-inspect-window' set to 16973 after randomization.
1/4/2019 -- 13:04:31 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31760 and 'response-body-inspect-window' set to 15899 after randomization.
1/4/2019 -- 13:04:31 - <Config> - DNS request flood protection level: 500
1/4/2019 -- 13:04:31 - <Config> - DNS per flow memcap (state-memcap): 524288
1/4/2019 -- 13:04:31 - <Config> - DNS global memcap: 16777216
1/4/2019 -- 13:04:31 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/4/2019 -- 13:04:31 - <Config> - preallocated 1000 hosts of size 136
1/4/2019 -- 13:04:31 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
1/4/2019 -- 13:04:31 - <Config> - using magic-file /usr/share/file/magic
1/4/2019 -- 13:04:31 - <Config> - Core dump size is unlimited.
1/4/2019 -- 13:04:31 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
1/4/2019 -- 13:04:31 - <Config> - preallocated 1000 defrag trackers of size 168
1/4/2019 -- 13:04:31 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
1/4/2019 -- 13:04:31 - <Config> - stream "prealloc-sessions": 2048 (per thread)
1/4/2019 -- 13:04:31 - <Config> - stream "memcap": 33554432
1/4/2019 -- 13:04:31 - <Config> - stream "midstream" session pickups: disabled
1/4/2019 -- 13:04:31 - <Config> - stream "async-oneside": disabled
1/4/2019 -- 13:04:31 - <Config> - stream "checksum-validation": disabled
1/4/2019 -- 13:04:31 - <Config> - stream."inline": disabled
1/4/2019 -- 13:04:31 - <Config> - stream "bypass": disabled
1/4/2019 -- 13:04:31 - <Config> - stream "max-synack-queued": 5
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly "memcap": 134217728
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly "depth": 0
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly "toserver-chunk-size": 2580
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly "toclient-chunk-size": 2626
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly.raw: enabled
1/4/2019 -- 13:04:31 - <Config> - stream.reassembly "segment-prealloc": 2048
1/4/2019 -- 13:04:31 - <Config> - Delayed detect disabled
1/4/2019 -- 13:04:31 - <Config> - pattern matchers: MPM: ac, SPM: bm
1/4/2019 -- 13:04:31 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
1/4/2019 -- 13:04:31 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
1/4/2019 -- 13:04:31 - <Config> - prefilter engines: MPM
1/4/2019 -- 13:04:31 - <Config> - IP reputation disabled
1/4/2019 -- 13:04:31 - <Perf> - Registered 148 keyword profiling counters.
1/4/2019 -- 13:04:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
1/4/2019 -- 13:04:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
1/4/2019 -- 13:04:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
1/4/2019 -- 13:04:36 - <Config> - No rules loaded from ET-icmp.rules.
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
1/4/2019 -- 13:04:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
1/4/2019 -- 13:04:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
1/4/2019 -- 13:04:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
1/4/2019 -- 13:04:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
1/4/2019 -- 13:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
1/4/2019 -- 13:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
1/4/2019 -- 13:04:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
1/4/2019 -- 13:04:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
1/4/2019 -- 13:04:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
1/4/2019 -- 13:04:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
1/4/2019 -- 13:04:44 - <Config> - No rules loaded from local.rules.
1/4/2019 -- 13:04:44 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
1/4/2019 -- 13:04:44 - <Info> - Threshold config parsed: 0 rule(s) found
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tcp-packet
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tcp-stream
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for udp-packet
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for other-ip
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_uri
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_request_line
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_client_body
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_response_line
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_header
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_header
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_header_names
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_header_names
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_accept
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_accept_enc
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_accept_lang
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_referer
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_connection
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_content_len
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_content_len
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_content_type
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_content_type
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_protocol
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_protocol
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_start
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_start
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_raw_header
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_raw_header
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_method
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_cookie
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_cookie
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_raw_uri
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_user_agent
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_host
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_raw_host
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_stat_msg
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_stat_code
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for dns_query
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tls_sni
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tls_cert_issuer
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tls_cert_subject
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for tls_cert_serial
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for dce_stub_data
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for dce_stub_data
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for ssh_protocol
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for ssh_protocol
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for ssh_software
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for ssh_software
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for file_data
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for file_data
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_request_line
1/4/2019 -- 13:04:44 - <Perf> - using shared mpm ctx' for http_response_line
1/4/2019 -- 13:04:44 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
1/4/2019 -- 13:04:44 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
1/4/2019 -- 13:04:45 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
1/4/2019 -- 13:04:45 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
1/4/2019 -- 13:04:45 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
1/4/2019 -- 13:04:45 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
1/4/2019 -- 13:04:45 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
1/4/2019 -- 13:04:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
1/4/2019 -- 13:04:50 - <Perf> - Unique rule groups: 104
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toserver TCP packet": 35
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toclient TCP packet": 17
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toserver TCP stream": 33
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toclient TCP stream": 19
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toserver UDP packet": 27
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "toclient UDP packet": 17
1/4/2019 -- 13:04:50 - <Perf> - Builtin MPM "other IP packet": 3
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_uri": 14
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_request_line": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_client_body": 6
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_response_line": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_header": 10
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_header": 6
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_header_names": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_accept": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_referer": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_content_len": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_content_type": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_content_type": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_protocol": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_start": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_method": 5
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_cookie": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_cookie": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver http_host": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver dns_query": 4
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver tls_sni": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toserver file_data": 1
1/4/2019 -- 13:04:50 - <Perf> - AppLayer MPM "toclient file_data": 7
1/4/2019 -- 13:04:52 - <Perf> - Registered 39590 rule profiling counters.
1/4/2019 -- 13:04:52 - <Info> - fast output device (regular) initialized: alert
1/4/2019 -- 13:04:52 - <Info> - eve-log output device (regular) initialized: eve.json
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'alert'
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'http'
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'dns'
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'tls'
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'files'
1/4/2019 -- 13:04:52 - <Config> - enabling 'eve-log' module 'ssh'
1/4/2019 -- 13:04:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2019 -- 13:04:52 - <Info> - stats output device (regular) initialized: stats.log
1/4/2019 -- 13:04:52 - <Config> - AutoFP mode using "Hash" flow load balancer
1/4/2019 -- 13:04:52 - <Info> - reading pcap file /var/pcap/04012019.1304-pcap_1.pcap
1/4/2019 -- 13:04:52 - <Config> - using 1 flow manager threads
1/4/2019 -- 13:04:52 - <Config> - using 1 flow recycler threads
1/4/2019 -- 13:04:52 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
1/4/2019 -- 13:04:52 - <Info> - No packets with i

This file has been truncated.


stats.log - (3145 bytes) - download
------------------------------------------------------------------------------------
Date: 4/1/2019 -- 13:04:54 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1768
decoder.bytes                              | Total                     | 547778
decoder.ipv4                               | Total                     | 1746
decoder.ethernet                           | Total                     | 1768
decoder.tcp                                | Total                     | 1560
decoder.udp                                | Total                     | 172
decoder.avg_pkt_size                       | Total                     | 309
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 21
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 9
app_layer.flow.http                        | Total                     | 7
app_layer.tx.http                          | Total                     | 587
app_layer.flow.dns_udp                     | Total                     | 12
app_layer.tx.dns_udp                       | Total                     | 12
app_layer.flow.failed_udp                  | Total                     | 9
flow_mgr.new_pruned                        | Total                     | 7
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 25
flow_mgr.flows_notimeout                   | Total                     | 18
flow_mgr.flows_timeout                     | Total                     | 7
flow_mgr.flows_removed                     | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65511
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7082368


eve.json - (459984 bytes) - download
{"timestamp":"2019-03-10T09:32:52.827868+0000","flow_id":68581396357596,"pcap_cnt":105,"event_type":"dns","src_ip":"192.168.56.102","src_port":56241,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65270,"rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-10T09:32:53.066681+0000","flow_id":68581396357596,"pcap_cnt":106,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":56241,"proto":"UDP","dns":{"type":"answer","id":65270,"rcode":"NOERROR","rrname":"7.2.3.3.1.6.3.3.0.7.6.3.a.f.1.9.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-10T09:33:04.590457+0000","flow_id":318922155885177,"pcap_cnt":143,"event_type":"alert","src_ip":"192.168.56.102","src_port":53078,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2025104,"rev":2,"signature":"ET INFO DNS Query for Suspicious .gq Domain","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2019-03-10T09:33:04.590457+0000","flow_id":318922155885177,"pcap_cnt":143,"event_type":"dns","src_ip":"192.168.56.102","src_port":53078,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22726,"rrname":"lacosta.gq","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-10T09:33:04.744016+0000","flow_id":318922155885177,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":53078,"proto":"UDP","dns":{"type":"answer","id":22726,"rcode":"NOERROR","rrname":"lacosta.gq","rrtype":"A","ttl":0,"rdata":"91.134.253.119"}}
{"timestamp":"2019-03-10T09:33:05.757415+0000","flow_id":1711956143712647,"pcap_cnt":151,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":0,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:05.814857+0000","flow_id":1711956143712647,"pcap_cnt":152,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":0}}
{"timestamp":"2019-03-10T09:33:05.982149+0000","flow_id":1711956143712647,"pcap_cnt":153,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":1,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:05.994345+0000","flow_id":1810375319301161,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.56.102","src_port":56701,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21639,"rrname":"119.253.134.91.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-10T09:33:06.039583+0000","flow_id":1711956143712647,"pcap_cnt":155,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":1}}
{"timestamp":"2019-03-10T09:33:06.151975+0000","flow_id":1810375319301161,"pcap_cnt":191,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":56701,"proto":"UDP","dns":{"type":"answer","id":21639,"rcode":"NOERROR","rrname":"119.253.134.91.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-10T09:33:06.346312+0000","flow_id":1711956143712647,"pcap_cnt":480,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":2,"http":{"hostname":"lacosta.gq","url":"\/Proxy"}}
{"timestamp":"2019-03-10T09:33:06.845848+0000","flow_id":1394858708363288,"pcap_cnt":481,"event_type":"dns","src_ip":"192.168.56.102","src_port":65426,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50502,"rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-10T09:33:06.884164+0000","flow_id":2151735025106372,"pcap_cnt":482,"event_type":"dns","src_ip":"192.168.56.102","src_port":49615,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32615,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-03-10T09:33:07.082924+0000","flow_id":1394858708363288,"pcap_cnt":483,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":65426,"proto":"UDP","dns":{"type":"answer","id":50502,"rcode":"NOERROR","rrname":"d.5.e.3.c.c.d.5.1.4.5.0.2.6.1.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-10T09:33:07.095876+0000","flow_id":2151735025106372,"pcap_cnt":484,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.102","dest_port":49615,"proto":"UDP","dns":{"type":"answer","id":32615,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-03-10T09:33:07.193928+0000","flow_id":1711956143712647,"pcap_cnt":486,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/Proxy","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":267450},"app_proto":"http","fileinfo":{"filename":"\/Proxy","gaps":false,"state":"CLOSED","stored":false,"size":267450,"tx_id":2}}
{"timestamp":"2019-03-10T09:33:07.403082+0000","flow_id":1711956143712647,"pcap_cnt":495,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":3,"http":{"hostname":"lacosta.gq","url":"\/XsOnliner.php","http_content_type":"text\/html"}}
{"timestamp":"2019-03-10T09:33:07.609746+0000","flow_id":1753144880213359,"pcap_cnt":497,"event_type":"http","src_ip":"192.168.56.102","src_port":49183,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":0,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.158650+0000","flow_id":1711956143712647,"pcap_cnt":500,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":4,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.216016+0000","flow_id":1711956143712647,"pcap_cnt":501,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":4}}
{"timestamp":"2019-03-10T09:33:08.252460+0000","flow_id":1711956143712647,"pcap_cnt":502,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":5,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.309863+0000","flow_id":1711956143712647,"pcap_cnt":505,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":5}}
{"timestamp":"2019-03-10T09:33:08.399558+0000","flow_id":1711956143712647,"pcap_cnt":506,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":6,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.456976+0000","flow_id":1711956143712647,"pcap_cnt":507,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":6}}
{"timestamp":"2019-03-10T09:33:08.534612+0000","flow_id":1711956143712647,"pcap_cnt":508,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":7,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.591823+0000","flow_id":1711956143712647,"pcap_cnt":509,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":7}}
{"timestamp":"2019-03-10T09:33:08.645544+0000","flow_id":1711956143712647,"pcap_cnt":510,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":8,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.702850+0000","flow_id":1711956143712647,"pcap_cnt":511,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":8}}
{"timestamp":"2019-03-10T09:33:08.814316+0000","flow_id":1711956143712647,"pcap_cnt":512,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":9,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:08.871638+0000","flow_id":1711956143712647,"pcap_cnt":513,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":9}}
{"timestamp":"2019-03-10T09:33:08.960090+0000","flow_id":1711956143712647,"pcap_cnt":514,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":10,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.023164+0000","flow_id":1711956143712647,"pcap_cnt":515,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":10}}
{"timestamp":"2019-03-10T09:33:09.101123+0000","flow_id":1711956143712647,"pcap_cnt":516,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":11,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.158505+0000","flow_id":1711956143712647,"pcap_cnt":517,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":11}}
{"timestamp":"2019-03-10T09:33:09.242090+0000","flow_id":1711956143712647,"pcap_cnt":518,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":12,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.299337+0000","flow_id":1711956143712647,"pcap_cnt":521,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":12}}
{"timestamp":"2019-03-10T09:33:09.383782+0000","flow_id":1711956143712647,"pcap_cnt":522,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":13,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.440987+0000","flow_id":1711956143712647,"pcap_cnt":523,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":13}}
{"timestamp":"2019-03-10T09:33:09.521747+0000","flow_id":1711956143712647,"pcap_cnt":524,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":14,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.578872+0000","flow_id":1711956143712647,"pcap_cnt":525,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":14}}
{"timestamp":"2019-03-10T09:33:09.627842+0000","flow_id":1711956143712647,"pcap_cnt":526,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":15,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.685068+0000","flow_id":1711956143712647,"pcap_cnt":527,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":15}}
{"timestamp":"2019-03-10T09:33:09.775495+0000","flow_id":1711956143712647,"pcap_cnt":528,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":16,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}
{"timestamp":"2019-03-10T09:33:09.832849+0000","flow_id":1711956143712647,"pcap_cnt":529,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"host

This file has been truncated.
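The excerpt above shows one flow (1711956143712647) issuing the same GET /jJLA4pmNKJpj7U6W97DnR to lacosta.gq on TCP port 5678 nine times in roughly 1.1 seconds, each request answered with a 24-byte body. Suricata emits one 'http' event per HTTP transaction and one 'fileinfo' event per file it extracts from a transaction (here the response body), which is enough to score that cadence from eve.json alone, without reopening the pcap. The script below is an added example, not code from this page, from IDSDeathBlossom or from Suricata: the grouping key (flow_id, hostname, url), the thresholds min_requests=5 and max_cv=0.5, and the single negative-case event are my assumptions; every other sample line is copied from the excerpt above.

```python
"""Added example (not part of this page, IDSDeathBlossom or Suricata): group Suricata
EVE 'http' request events by flow and URL and flag flows that repeat the same request
at a steady interval, the pattern visible in the eve.json excerpt above."""
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Sample input: the nine 'http' events and three 'fileinfo' events for flow
# 1711956143712647 copied from the eve.json excerpt above, plus one constructed
# unrelated request (flow_id 1, a TEST-NET-3 address) as a negative case.
# Raw strings keep the "\/" JSON escapes exactly as Suricata wrote them.
SAMPLE_EVE = [
    r'{"timestamp":"2019-03-10T09:33:08.591823+0000","flow_id":1711956143712647,"pcap_cnt":509,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":7}}',
    r'{"timestamp":"2019-03-10T09:33:08.645544+0000","flow_id":1711956143712647,"pcap_cnt":510,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":8,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:08.702850+0000","flow_id":1711956143712647,"pcap_cnt":511,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":8}}',
    r'{"timestamp":"2019-03-10T09:33:08.814316+0000","flow_id":1711956143712647,"pcap_cnt":512,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":9,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:08.871638+0000","flow_id":1711956143712647,"pcap_cnt":513,"event_type":"fileinfo","src_ip":"91.134.253.119","src_port":5678,"dest_ip":"192.168.56.102","dest_port":49182,"proto":"TCP","http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/jJLA4pmNKJpj7U6W97DnR","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":9}}',
    r'{"timestamp":"2019-03-10T09:33:08.960090+0000","flow_id":1711956143712647,"pcap_cnt":514,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":10,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.101123+0000","flow_id":1711956143712647,"pcap_cnt":516,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":11,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.242090+0000","flow_id":1711956143712647,"pcap_cnt":518,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":12,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.383782+0000","flow_id":1711956143712647,"pcap_cnt":522,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":13,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.521747+0000","flow_id":1711956143712647,"pcap_cnt":524,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":14,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.627842+0000","flow_id":1711956143712647,"pcap_cnt":526,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":15,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    r'{"timestamp":"2019-03-10T09:33:09.775495+0000","flow_id":1711956143712647,"pcap_cnt":528,"event_type":"http","src_ip":"192.168.56.102","src_port":49182,"dest_ip":"91.134.253.119","dest_port":5678,"proto":"TCP","tx_id":16,"http":{"hostname":"lacosta.gq","url":"\/jJLA4pmNKJpj7U6W97DnR"}}',
    # Constructed negative case (not from the pcap): a single, unrelated request.
    r'{"timestamp":"2019-03-10T09:33:10.000000+0000","flow_id":1,"pcap_cnt":999,"event_type":"http","src_ip":"192.168.56.102","src_port":49190,"dest_ip":"203.0.113.10","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"example.com","url":"\/"}}',
]


def parse_ts(ts):
    """EVE timestamps look like 2019-03-10T09:33:08.645544+0000."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def iter_events(lines):
    """Yield one decoded event per non-empty JSON line."""
    for line in lines:
        line = line.strip()
        if line:
            yield json.loads(line)


def summarize_flows(lines, min_requests=5, max_cv=0.5):
    """Return {(flow_id, hostname, url): summary} for flows whose repeated requests
    arrive at a steady cadence (coefficient of variation of the gaps <= max_cv).
    Thresholds are assumptions for this example, not Suricata defaults."""
    requests = defaultdict(list)   # key -> request timestamps ('http' events)
    sizes = defaultdict(set)       # key -> distinct response body sizes ('fileinfo')
    for ev in iter_events(lines):
        http = ev.get("http") or {}
        key = (ev["flow_id"], http.get("hostname"), http.get("url"))
        if ev["event_type"] == "http":
            requests[key].append(parse_ts(ev["timestamp"]))
        elif ev["event_type"] == "fileinfo":
            sizes[key].add(ev["fileinfo"]["size"])

    beacons = {}
    for key, times in requests.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_cv:
            beacons[key] = {
                "requests": len(times),
                "mean_gap_s": round(avg, 3),
                "cv": round(cv, 3),
                "response_sizes": sorted(sizes[key]),
            }
    return beacons


if __name__ == "__main__":
    for (flow_id, host, url), s in summarize_flows(SAMPLE_EVE).items():
        print(f"flow {flow_id}: {s['requests']}x GET {host}{url}, every "
              f"{s['mean_gap_s']}s (cv {s['cv']}), body sizes {s['response_sizes']}")
```

On the sample above the only flow reported is the lacosta.gq one: nine requests about 0.14 s apart with a coefficient of variation near 0.11 and a single response size of 24 bytes. On a live sensor the same grouping is normally done per (client, destination host, URL) across flows rather than per flow_id, and the cadence thresholds need tuning per network, since software update checks and health probes produce the same shape.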


keyword_perf.log - (12612 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/1/2019 -- 13:04:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             18131379        6266            6266            84874           2893.00         2893.00         0.00           
  threshold        14468           1               1               14468           14468.00        14468.00        0.00           
  content          81364629        22281           15166           8635380         3651.00         3310.00         4378.00        
  pcre             7426518         1909            1188            407832          3890.00         3623.00         4329.00        
  byte_test        761000          252             192             17973           3019.00         3090.00         2793.00        
  byte_jump        153347          52              52              4384            2948.00         2948.00         0.00           
  isdataat         2842            1               0               2842            2842.00         0.00            2842.00        
  flowbits         1936472         597             587             93955           3243.00         3247.00         3022.00        
  urilen           50431           14              0               4476            3602.00         0.00            3602.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             18131379        6266            6266            84874           2893.00         2893.00         0.00           
  flowbits         30222           10              0               3697            3022.00         0.00            3022.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13322259        4421            3132            71208           3013.00         3026.00         2980.00        
  pcre             2269074         595             0               38893           3813.00         0.00            3813.00        
  byte_test        761000          252             192             17973           3019.00         3090.00         2793.00        
  byte_jump        153347          52              52              4384            2948.00         2948.00         0.00           
  isdataat         2842            1               0               2842            2842.00         0.00            2842.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         1906250         587             587             93955           3247.00         3247.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        14468           1               1               14468           14468.00        14468.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5331770         1800            34              33701           2962.00         4262.00         2937.00        
  pcre             158157          16              14              24438           9884.00         10262.00        7241.00        
  urilen           50431           14              0               4476            3602.00         0.00            3602.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1689437         587             0               23482           2878.00         0.00            2878.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18874106        1262            187             8635380         14955.00        28848.00        12539.00       
  pcre             800435          121             0               407832          6615.00         0.00            6615.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          31756868        10644           9448            74727           2983.00         2981.00         3000.00        
  pcre             4198852         1177            1174            50993           3567.00         3544.00         12619.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3424323         1182            1182            34485           2897.00         2897.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15253           4               4               4156            3813.00         3813.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5183063         1789            591             67433           2897.00         3092.00         2800.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1749736         587             587             22462           2980.00         2980.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13014           4               0               3317            3253.00         0.00            3253.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4800            1               1               4800            4800.00         4800.00         0.00           
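keyword_perf.log is Suricata's keyword profiling output: for every detection keyword, overall ('total') and per inspection buffer (packet, file_data, http_uri and so on), it records the ticks spent, the number of checks and matches, the worst single check, and the average cost of a check that matched versus one that did not. Ticks are raw CPU cycle counter readings, so they compare only within one run on one host. The table already shows where this run's budget went: content on file_data averages 14955 ticks per check against roughly 3000 on most other buffers, and its 8635380-tick worst case is the single most expensive check recorded. The script below is an added example, not code from this page, from IDSDeathBlossom or from Suricata: it parses this format and ranks buffer/keyword pairs by the ticks spent on checks that did not match, a 'wasted work' metric of my own definition computed as (checks - matches) * avg no-match. Its input is the log above abridged to four sections.

```python
"""Added example (not part of this page, IDSDeathBlossom or Suricata): parse Suricata's
keyword_perf.log into per-buffer statistics and rank which buffer/keyword pairs burn
the most CPU on checks that do not match, which is where rule tuning pays off."""
import re
from collections import defaultdict

# Constructed input: the 'total' (abridged to three rows), 'file_data', 'http_uri' and
# 'http_header' sections copied from the keyword_perf.log above.
SAMPLE_PERF = """
  Date: 4/1/2019 -- 13:04:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             18131379        6266            6266            84874           2893.00         2893.00         0.00
  content          81364629        22281           15166           8635380         3651.00         3310.00         4378.00
  pcre             7426518         1909            1188            407832          3890.00         3623.00         4329.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  content          18874106        1262            187             8635380         14955.00        28848.00        12539.00
  pcre             800435          121             0               407832          6615.00         0.00            6615.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  content          5331770         1800            34              33701           2962.00         4262.00         2937.00
  pcre             158157          16              14              24438           9884.00         10262.00        7241.00
  urilen           50431           14              0               4476            3602.00         0.00            3602.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  content          31756868        10644           9448            74727           2983.00         2981.00         3000.00
  pcre             4198852         1177            1174            50993           3567.00         3544.00         12619.00
"""

SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# keyword, then four integer columns and three float columns; header and dash
# lines never match because their second field is not numeric.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)
FIELDS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_no_match")


def parse_keyword_perf(text):
    """Return {section: {keyword: {field: value}}} for every 'Stats for:' section."""
    stats = defaultdict(dict)
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and section:
            keyword, *nums = m.groups()
            values = [int(v) for v in nums[:4]] + [float(v) for v in nums[4:]]
            stats[section][keyword] = dict(zip(FIELDS, values))
    return dict(stats)


def no_match_ticks(row):
    """Ticks spent on checks that did not match: (checks - matches) * avg_no_match.
    This derived metric is this example's definition, not a Suricata column."""
    return round((row["checks"] - row["matches"]) * row["avg_no_match"])


def rank_no_match_cost(stats):
    """(section, keyword, wasted ticks) for every per-buffer row, most wasteful first;
    the 'total' section is skipped because it double-counts the buffers."""
    rows = [(section, kw, no_match_ticks(row))
            for section, kws in stats.items() if section != "total"
            for kw, row in kws.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def share_of_total(stats, section, keyword):
    """Fraction of a keyword's overall ticks that were spent in one buffer."""
    return stats[section][keyword]["ticks"] / stats["total"][keyword]["ticks"]


if __name__ == "__main__":
    perf = parse_keyword_perf(SAMPLE_PERF)
    for section, keyword, wasted in rank_no_match_cost(perf):
        print(f"{section:16} {keyword:10} wasted {wasted:>12,} ticks")
    print(f"file_data content = {share_of_total(perf, 'file_data', 'content'):.1%} "
          f"of all content ticks")
```

On the abridged input the ranking puts file_data/content first at about 13.5 million wasted ticks, ahead of http_uri/content and http_header/content, and file_data alone accounts for roughly 23% of all content ticks despite only 1262 of the 22281 content checks. That is the list to walk when deciding which file_data signatures need a cheaper fast-pattern or a tighter flowbit gate; because ticks are a per-host cycle counter, rerun the profile on the same sensor after each change rather than comparing against another machine.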


unified2.alert.1554123892 - (166 bytes) - download
[binary unified2 alert record (166 bytes), not renderable as text; the only readable fragment of the embedded packet is the DNS query name lacosta.gq]


IDSDeathBlossom.py.log - (1145 bytes) - download
2019-04-01 13:04:30,894 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-01 13:04:31,644 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-01 13:04:31,644 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-01 13:04:31,645 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-01 13:04:31,645 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-01 13:04:31,645 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b94a195bf14a73e095a37a1b58a513f656b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04012019.1304-pcap_1.pcap -vvv -k none
2019-04-01 13:04:54,273 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-01 13:04:54,274 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.388021946