Packet profile dump:
IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 6 45 11125222 58114582 36451210 1.6b 91.90
IPv4 17 7 2821360 55476264 20079081 140.6m 7.87
IPv6 17 1 4038408 4038408 4038408 4.0m 0.23
Note: Protocol 256 tracks pseudo/tunnel packets.
Per Thread module stats:
Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
TMM_FLOWWORKER IPv4 6 45 115508 22362864 1029708 46.3m 80.81
TMM_FLOWWORKER IPv4 17 7 275398 6020898 1403293 9.8m 17.13
TMM_RECEIVEPCAPFILE IPv4 6 45 4460 7720 5000 225.0k 0.39
TMM_RECEIVEPCAPFILE IPv4 17 7 4720 11026 5713 40.0k 0.07
TMM_DECODEPCAPFILE IPv4 6 45 4600 17366 5212 234.5k 0.41
TMM_DECODEPCAPFILE IPv4 17 7 4664 38770 9702 67.9k 0.12
TMM_FLOWWORKER IPv6 17 1 588850 588850 588850 588.8k 1.03
TMM_RECEIVEPCAPFILE IPv6 17 1 4754 4754 4754 4.8k 0.01
TMM_DECODEPCAPFILE IPv6 17 1 21760 21760 21760 21.8k 0.04
Flow Worker IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
flow IPv4 6 45 4962 28390 6530 293.9k 1.04
flow IPv4 17 7 4810 38808 13858 97.0k 0.34
stream IPv4 6 45 4560 510034 34085 1.5m 5.45
app-layer IPv4 17 7 4488 61568 29637 207.5k 0.74
detect IPv4 6 45 78150 6488952 474178 21.3m 75.76
detect IPv4 17 7 238344 736674 552690 3.9m 13.74
tcp-prune IPv4 6 45 4434 24188 5801 261.1k 0.93
flow IPv6 17 1 18534 18534 18534 18.5k 0.07
app-layer IPv6 17 1 19996 19996 19996 20.0k 0.07
detect IPv6 17 1 526722 526722 526722 526.7k 1.87
Note: stream includes app-layer for TCP
Per App layer parser stats:
App Layer IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
http IPv4 6 1 36648 36648 36648 36.6k 38.09
dns IPv4 17 4 9866 24710 14889 59.6k 61.91
Proto detect IPv4 17 5 11228 43220 22177 110.9k
Proto detect IPv6 17 1 7660 7660 7660 7.7k
Log Thread Module IP ver Proto cnt min max avg tot %%
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- ---
Logger/output stats:
Logger IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
LOGGER_JSON_DNS IPv4 17 4 51526 5166034 1348916 5.4m 82.80
LOGGER_JSON_HTTP IPv4 6 3 90146 127404 110702 332.1k 5.10
LOGGER_JSON_FILE IPv4 6 3 76990 621382 262872 788.6k 12.10
Prefilter IP ver Proto cnt min max avg tot %%
-------------------- ------ ----- ---------- ------------ ------------ ----------- --------- ---
payload IPv4 6 22 4606 114024 33088 728.0k 18.07
payload IPv4 17 7 8292 96638 47647 333.5k 8.28
stream IPv4 6 22 4442 767880 86536 1.9m 47.26
http_uri IPv4 6 3 17058 39374 29932 89.8k 2.23
http_request_line IPv4 6 3 12004 12252 12121 36.4k 0.90
http_client_body IPv4 6 3 5290 6324 5734 17.2k 0.43
http_header (request) IPv4 6 3 24954 39746 31238 93.7k 2.33
http_header (request trailer) IPv4 6 3 4516 5528 4871 14.6k 0.36
http_header_names (request) IPv4 6 3 11182 14490 12741 38.2k 0.95
http_accept (request) IPv4 6 3 5288 5950 5603 16.8k 0.42
http_referer (request) IPv4 6 3 5034 5676 5299 15.9k 0.39
http_content_len (request) IPv4 6 3 4896 5964 5424 16.3k 0.40
http_content_type (request) IPv4 6 3 5150 5968 5436 16.3k 0.40
http_protocol (request) IPv4 6 3 7262 7924 7613 22.8k 0.57
http_start (request) IPv4 6 3 13804 16078 14906 44.7k 1.11
http_raw_header (request) IPv4 6 3 11598 13944 12694 38.1k 0.95
http_method IPv4 6 3 8968 27918 16239 48.7k 1.21
http_cookie (request) IPv4 6 3 4732 6378 5580 16.7k 0.42
http_raw_uri IPv4 6 3 7362 9742 8178 24.5k 0.61
http_user_agent IPv4 6 3 5128 7570 6076 18.2k 0.45
http_host IPv4 6 3 11066 19706 14424 43.3k 1.07
dns_query IPv4 17 2 16452 17462 16957 33.9k 0.84
http_response_line IPv4 6 3 8536 12848 11027 33.1k 0.82
http_header (response) IPv4 6 3 28248 56946 43630 130.9k 3.25
http_header (response trailer) IPv4 6 3 4722 5716 5347 16.0k 0.40
http_content_type (response) IPv4 6 3 5946 33636 17475 52.4k 1.30
http_raw_header (response) IPv4 6 6 6262 17570 10878 65.3k 1.62
http_cookie (response) IPv4 6 3 5152 7702 6038 18.1k 0.45
http_stat_code IPv4 6 3 6218 10346 7653 23.0k 0.57
file_data (http response) IPv4 6 3 4578 6844 5459 16.4k 0.41
Total IPv4 134 29602 4.0m
payload IPv6 17 1 61302 61302 61302 61.3k 1.52
Total IPv6 1 61302 61.3k
General detection engine stats:
Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_IPONLY IPv4 6 8 49658 124056 78734 629.9k 1.88
PROF_DETECT_IPONLY IPv4 17 5 24420 264292 110170 550.9k 1.65
PROF_DETECT_RULES IPv4 6 45 4434 5537706 238566 10.7m 32.11
PROF_DETECT_RULES IPv4 17 7 131286 414534 271121 1.9m 5.68
PROF_DETECT_STATEFUL_START IPv4 6 13 8990 2671396 333982 4.3m 12.99
PROF_DETECT_STATEFUL_CONT IPv4 6 45 4416 60080 9957 448.1k 1.34
PROF_DETECT_STATEFUL_CONT IPv4 17 7 4462 50820 14478 101.3k 0.30
PROF_DETECT_STATEFUL_UPDATE IPv4 6 29 4480 6090 4963 143.9k 0.43
PROF_DETECT_STATEFUL_UPDATE IPv4 17 4 5028 8898 6141 24.6k 0.07
PROF_DETECT_PREFILTER IPv4 6 45 13684 871156 135856 6.1m 18.29
PROF_DETECT_PREFILTER IPv4 17 7 47704 145850 99993 700.0k 2.09
PROF_DETECT_PF_PAYLOAD IPv4 6 22 40008 787900 153999 3.4m 10.13
PROF_DETECT_PF_PAYLOAD IPv4 17 7 17458 105832 56853 398.0k 1.19
PROF_DETECT_PF_TX IPv4 6 29 4510 309296 53260 1.5m 4.62
PROF_DETECT_PF_TX IPv4 17 2 26586 27112 26849 53.7k 0.16
PROF_DETECT_PF_SORT1 IPv4 6 22 4472 11768 5488 120.7k 0.36
PROF_DETECT_PF_SORT1 IPv4 17 7 4824 6804 5930 41.5k 0.12
PROF_DETECT_PF_SORT2 IPv4 6 45 4424 10836 5387 242.5k 0.73
PROF_DETECT_PF_SORT2 IPv4 17 7 4500 6592 5562 38.9k 0.12
PROF_DETECT_NONMPMLIST IPv4 6 45 4490 26782 5963 268.4k 0.80
PROF_DETECT_NONMPMLIST IPv4 17 7 4434 6316 5580 39.1k 0.12
PROF_DETECT_ALERT IPv4 6 45 4422 6468 4865 218.9k 0.65
PROF_DETECT_ALERT IPv4 17 7 4512 18744 7517 52.6k 0.16
PROF_DETECT_CLEANUP IPv4 6 45 4472 16118 5457 245.6k 0.73
PROF_DETECT_CLEANUP IPv4 17 7 4606 7740 6352 44.5k 0.13
PROF_DETECT_GETSGH IPv4 6 45 4440 101124 8829 397.3k 1.19
PROF_DETECT_GETSGH IPv4 17 7 4486 27040 12219 85.5k 0.26
PROF_DETECT_IPONLY IPv6 17 1 34524 34524 34524 34.5k 0.10
PROF_DETECT_RULES IPv6 17 1 257066 257066 257066 257.1k 0.77
PROF_DETECT_STATEFUL_CONT IPv6 17 1 4664 4664 4664 4.7k 0.01
PROF_DETECT_PREFILTER IPv6 17 1 102894 102894 102894 102.9k 0.31
PROF_DETECT_PF_PAYLOAD IPv6 17 1 70416 70416 70416 70.4k 0.21
PROF_DETECT_PF_SORT1 IPv6 17 1 7312 7312 7312 7.3k 0.02
PROF_DETECT_PF_SORT2 IPv6 17 1 6536 6536 6536 6.5k 0.02
PROF_DETECT_NONMPMLIST IPv6 17 1 5262 5262 5262 5.3k 0.02
PROF_DETECT_ALERT IPv6 17 1 4654 4654 4654 4.7k 0.01
PROF_DETECT_CLEANUP IPv6 17 1 5412 5412 5412 5.4k 0.02
PROF_DETECT_GETSGH IPv6 17 1 63926 63926 63926 63.9k 0.19

------------------------------------------------------------------------------------
Date: 12/13/2019 -- 17:58:29 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 57
decoder.bytes | Total | 19959
decoder.ipv4 | Total | 52
decoder.ipv6 | Total | 1
decoder.ethernet | Total | 57
decoder.tcp | Total | 45
decoder.udp | Total | 8
decoder.avg_pkt_size | Total | 350
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 5
flow.udp | Total | 4
tcp.sessions | Total | 2
tcp.syn | Total | 4
tcp.synack | Total | 1
tcp.rst | Total | 6
detect.mpm_list | Total | 5
detect.nonmpm_list | Total | 2
detect.match_list | Total | 6
app_layer.flow.http | Total | 1
app_layer.tx.http | Total | 3
app_layer.flow.dns_udp | Total | 2
app_layer.tx.dns_udp | Total | 2
app_layer.flow.failed_udp | Total | 2
flow.spare | Total | 9999
flow_mgr.flows_checked | Total | 4
flow_mgr.flows_notimeout | Total | 4
flow_mgr.rows_checked | Total | 65536
flow_mgr.rows_empty | Total | 65532
flow_mgr.rows_maxlen | Total | 1
tcp.memuse | Total | 573440
tcp.reassembly_memuse | Total | 81920
flow.memuse | Total | 7075168

{"timestamp":"2019-11-15T19:08:27.693677+0000","flow_id":1704844178724269,"pcap_cnt":5,"event_type":"dns","src_ip":"192.168.240.35","src_port":61150,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44565,"rrname":"bn12ka.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-15T19:08:24.595818+0000","flow_id":1704844178724269,"pcap_cnt":6,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.35","dest_port":61150,"proto":"UDP","dns":{"type":"answer","id":44565,"rcode":"NOERROR","rrname":"bn12ka.ddns.net","rrtype":"A","ttl":59,"rdata":"80.211.157.19"}}
{"timestamp":"2019-11-15T19:08:25.296626+0000","flow_id":2074722467100090,"pcap_cnt":26,"event_type":"http","src_ip":"192.168.240.35","src_port":49234,"dest_ip":"80.211.157.19","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/r5q9q8l5c5Q4l5Grlpt"}}
{"timestamp":"2019-11-15T19:08:25.515272+0000","flow_id":2074722467100090,"pcap_cnt":27,"event_type":"fileinfo","src_ip":"80.211.157.19","src_port":80,"dest_ip":"192.168.240.35","dest_port":49234,"proto":"TCP","http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/r5q9q8l5c5Q4l5Grlpt","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15005},"app_proto":"http","fileinfo":{"filename":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/r5q9q8l5c5Q4l5Grlpt","gaps":false,"state":"CLOSED","stored":false,"size":15005,"tx_id":0}}
{"timestamp":"2019-11-15T19:08:25.900691+0000","flow_id":2074722467100090,"pcap_cnt":29,"event_type":"http","src_ip":"192.168.240.35","src_port":49234,"dest_ip":"80.211.157.19","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/index.php","http_content_type":"text\/html"}}
{"timestamp":"2019-11-15T19:08:26.302702+0000","flow_id":2074722467100090,"pcap_cnt":31,"event_type":"fileinfo","src_ip":"80.211.157.19","src_port":80,"dest_ip":"192.168.240.35","dest_port":49234,"proto":"TCP","http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/index.php","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":6},"app_proto":"http","fileinfo":{"filename":"\/pn\/r5q9q8l5c5Q4l5Grlpt\/nn\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":6,"tx_id":1}}
{"timestamp":"2019-11-15T19:08:26.495789+0000","flow_id":2074722467100090,"pcap_cnt":33,"event_type":"http","src_ip":"192.168.240.35","src_port":49234,"dest_ip":"80.211.157.19","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5GrlptMD\/nn\/md.zip","http_content_type":"text\/html"}}
{"timestamp":"2019-11-15T19:08:30.514006+0000","flow_id":2074722467100090,"pcap_cnt":34,"event_type":"fileinfo","src_ip":"80.211.157.19","src_port":80,"dest_ip":"192.168.240.35","dest_port":49234,"proto":"TCP","http":{"hostname":"bn12ka.ddns.net","url":"\/pn\/r5q9q8l5c5Q4l5GrlptMD\/nn\/md.zip","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":277},"app_proto":"http","fileinfo":{"filename":"\/pn\/r5q9q8l5c5Q4l5GrlptMD\/nn\/md.zip","gaps":false,"state":"CLOSED","stored":false,"size":277,"tx_id":2}}
{"timestamp":"2019-11-15T19:08:44.872899+0000","flow_id":1125448796623299,"pcap_cnt":38,"event_type":"dns","src_ip":"192.168.240.35","src_port":64409,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46635,"rrname":"config.messenger.msn.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-11-15T19:08:44.879231+0000","flow_id":1125448796623299,"pcap_cnt":39,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.35","dest_port":64409,"proto":"UDP","dns":{"type":"answer","id":46635,"rcode":"NOERROR","rrname":"config.messenger.msn.com","rrtype":"CNAME","ttl":9,"rdata":"config.messenger.msnmessenger.msn.com.akadns.net"}}
{"timestamp":"2019-11-15T19:08:44.879231+0000","flow_id":1125448796623299,"pcap_cnt":39,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.35","dest_port":64409,"proto":"UDP","dns":{"type":"answer","id":46635,"rcode":"NOERROR","rrname":"config.messenger.msnmessenger.msn.com.akadns.net","rrtype":"A","ttl":119,"rdata":"64.4.26.155"}}

--------------------------------------------------------------------------------------------------------------------------------
Date: 12/13/2019 -- 17:58:29
--------------------------------------------------------------------------------------------------------------------------------
Stats for: total
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 1411466 96 96 435872 14702.00 14702.00 0.00
content 1629336 190 134 436080 8575.00 6239.00 14164.00
pcre 458530 21 8 60638 21834.00 18336.00 23987.00
byte_test 117038 18 7 23528 6502.00 8301.00 5357.00
isdataat 9634 2 0 4850 4817.00 0.00 4817.00
flowbits 81842 13 4 20984 6295.00 9572.00 4839.00
urilen 60264 11 2 6560 5478.00 5907.00 5383.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flow 1411466 96 96 435872 14702.00 14702.00 0.00
flowbits 48576 10 1 5328 4857.00 5022.00 4839.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: packet/stream payload
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 242458 29 20 50296 8360.00 7260.00 10804.00
pcre 39240 3 0 26132 13080.00 0.00 13080.00
byte_test 117038 18 7 23528 6502.00 8301.00 5357.00
isdataat 9634 2 0 4850 4817.00 0.00 4817.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: post-match
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
flowbits 33266 3 3 20984 11088.00 11088.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_uri
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 251654 39 23 9456 6452.00 6765.00 6003.00
pcre 259890 13 8 34276 19991.00 18336.00 22640.00
urilen 60264 11 2 6560 5478.00 5907.00 5383.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_response_line
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 10130 2 0 5096 5065.00 0.00 5065.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: file_data
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 19558 3 0 8660 6519.00 0.00 6519.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 408414 70 64 8018 5834.00 5833.00 5840.00
pcre 159400 5 0 60638 31880.00 0.00 31880.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_header_names
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 87094 14 14 7526 6221.00 6221.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_content_type
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 21900 4 4 6104 5475.00 5475.00 0.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_method
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 560316 24 6 436080 23346.00 5926.00 29153.00
--------------------------------------------------------------------------------------------------------------------------------
Stats for: http_stat_code
--------------------------------------------------------------------------------------------------------------------------------
Keyword Ticks Checks Matches Max Ticks Avg Avg Match Avg No Match
---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
content 27812 5 3 7780 5562.00 5791.00 5219.00

lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bc930075afd0cc57f72bbfbb149ab86e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12132019.1758-3514e.pcap -vvv -k none
elapsedtime:24.261619
stderr:
stdout:
13/12/2019 -- 17:58:05 - <Info> - Configuration node 'rule-files' redefined.
13/12/2019 -- 17:58:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
13/12/2019 -- 17:58:05 - <Info> - CPUs/cores online: 1
13/12/2019 -- 17:58:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31284 and 'request-body-inspect-window' set to 15926 after randomization.
13/12/2019 -- 17:58:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33797 and 'response-body-inspect-window' set to 16104 after randomization.
13/12/2019 -- 17:58:05 - <Config> - DNS request flood protection level: 500
13/12/2019 -- 17:58:05 - <Config> - DNS per flow memcap (state-memcap): 524288
13/12/2019 -- 17:58:05 - <Config> - DNS global memcap: 16777216
13/12/2019 -- 17:58:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
13/12/2019 -- 17:58:05 - <Config> - preallocated 1000 hosts of size 136
13/12/2019 -- 17:58:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
13/12/2019 -- 17:58:05 - <Config> - using magic-file /usr/share/file/magic
13/12/2019 -- 17:58:05 - <Config> - Core dump size is unlimited.
13/12/2019 -- 17:58:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
13/12/2019 -- 17:58:05 - <Config> - preallocated 1000 defrag trackers of size 168
13/12/2019 -- 17:58:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
13/12/2019 -- 17:58:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
13/12/2019 -- 17:58:05 - <Config> - stream "memcap": 33554432
13/12/2019 -- 17:58:05 - <Config> - stream "midstream" session pickups: disabled
13/12/2019 -- 17:58:05 - <Config> - stream "async-oneside": disabled
13/12/2019 -- 17:58:05 - <Config> - stream "checksum-validation": disabled
13/12/2019 -- 17:58:05 - <Config> - stream."inline": disabled
13/12/2019 -- 17:58:05 - <Config> - stream "bypass": disabled
13/12/2019 -- 17:58:05 - <Config> - stream "max-synack-queued": 5
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly "memcap": 134217728
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly "depth": 0
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly "toserver-chunk-size": 2545
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly "toclient-chunk-size": 2460
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly.raw: enabled
13/12/2019 -- 17:58:05 - <Config> - stream.reassembly "segment-prealloc": 2048
13/12/2019 -- 17:58:05 - <Config> - Delayed detect disabled
13/12/2019 -- 17:58:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
13/12/2019 -- 17:58:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
13/12/2019 -- 17:58:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
13/12/2019 -- 17:58:05 - <Config> - prefilter engines: MPM
13/12/2019 -- 17:58:05 - <Config> - IP reputation disabled
13/12/2019 -- 17:58:05 - <Perf> - Registered 148 keyword profiling counters.
13/12/2019 -- 17:58:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
13/12/2019 -- 17:58:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
13/12/2019 -- 17:58:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
13/12/2019 -- 17:58:10 - <Config> - No rules loaded from ET-icmp.rules.
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
13/12/2019 -- 17:58:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
13/12/2019 -- 17:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
13/12/2019 -- 17:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
13/12/2019 -- 17:58:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
13/12/2019 -- 17:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
13/12/2019 -- 17:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
13/12/2019 -- 17:58:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
13/12/2019 -- 17:58:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
13/12/2019 -- 17:58:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
13/12/2019 -- 17:58:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
13/12/2019 -- 17:58:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
13/12/2019 -- 17:58:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
13/12/2019 -- 17:58:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
13/12/2019 -- 17:58:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
13/12/2019 -- 17:58:18 - <Config> - No rules loaded from local.rules.
13/12/2019 -- 17:58:18 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
13/12/2019 -- 17:58:18 - <Info> - Threshold config parsed: 0 rule(s) found
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tcp-packet
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tcp-stream
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for udp-packet
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for other-ip
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_uri
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_request_line
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_client_body
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_response_line
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_header
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_header
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_header_names
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_header_names
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_accept
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_accept_enc
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_accept_lang
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_referer
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_connection
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_content_len
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_content_len
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_content_type
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_content_type
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_protocol
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_protocol
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_start
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_start
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_raw_header
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_raw_header
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_method
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_cookie
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_cookie
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_raw_uri
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_user_agent
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_host
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_raw_host
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_stat_msg
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_stat_code
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for dns_query
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tls_sni
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tls_cert_issuer
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tls_cert_subject
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for tls_cert_serial
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for dce_stub_data
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for dce_stub_data
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for ssh_protocol
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for ssh_protocol
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for ssh_software
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for ssh_software
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for file_data
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for file_data
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_request_line
13/12/2019 -- 17:58:19 - <Perf> - using shared mpm ctx' for http_response_line
13/12/2019 -- 17:58:19 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
13/12/2019 -- 17:58:19 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
13/12/2019 -- 17:58:19 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
13/12/2019 -- 17:58:19 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
13/12/2019 -- 17:58:19 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
13/12/2019 -- 17:58:19 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
13/12/2019 -- 17:58:19 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
13/12/2019 -- 17:58:19 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
13/12/2019 -- 17:58:25 - <Perf> - Unique rule groups: 104
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toserver TCP packet": 35
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toclient TCP packet": 17
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toserver TCP stream": 33
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toclient TCP stream": 19
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toserver UDP packet": 27
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "toclient UDP packet": 17
13/12/2019 -- 17:58:25 - <Perf> - Builtin MPM "other IP packet": 3
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_uri": 14
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_request_line": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_client_body": 6
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_response_line": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_header": 10
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_header": 6
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_header_names": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_accept": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_referer": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_content_len": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_content_type": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_content_type": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_protocol": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_start": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_method": 5
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_cookie": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_cookie": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver http_host": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver dns_query": 4
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver tls_sni": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toserver file_data": 1
13/12/2019 -- 17:58:25 - <Perf> - AppLayer MPM "toclient file_data": 7
13/12/2019 -- 17:58:28 - <Perf> - Registered 39590 rule profiling counters.
13/12/2019 -- 17:58:28 - <Info> - fast output device (regular) initialized: alert
13/12/2019 -- 17:58:28 - <Info> - eve-log output device (regular) initialized: eve.json
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'alert'
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'http'
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'dns'
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'tls'
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'files'
13/12/2019 -- 17:58:28 - <Config> - enabling 'eve-log' module 'ssh'
13/12/2019 -- 17:58:28 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
13/12/2019 -- 17:58:28 - <Info> - stats output device (regular) initialized: stats.log
13/12/2019 -- 17:58:28 - <Config> - AutoFP mode using "Hash" flow load

2019-12-13 17:58:04,268 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-12-13 17:58:05,064 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-12-13 17:58:05,064 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-12-13 17:58:05,065 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-12-13 17:58:05,065 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-12-13 17:58:05,065 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bc930075afd0cc57f72bbfbb149ab86e56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12132019.1758-3514e.pcap -vvv -k none
2019-12-13 17:58:29,330 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-12-13 17:58:29,331 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.0715990067

--------------------------------------------------------------------------
Date: 12/13/2019 -- 17:58:29. Sorted by: max ticks.
--------------------------------------------------------------------------
Num Rule Gid Rev Ticks % Checks Matches Max Ticks Avg Ticks Avg Match Avg No Match
-------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
1 2815568 1 2 535588 5.55 1 0 535588 535588.00 0.00 535588.00
2 2016537 1 2 912868 9.47 10 3 530564 91286.80 246584.67 24730.57
3 2021418 1 9 503900 5.23 1 0 503900 503900.00 0.00 503900.00
4 2015877 1 6 486888 5.05 1 0 486888 486888.00 0.00 486888.00
5 2821569 1 7 481344 4.99 1 0 481344 481344.00 0.00 481344.00
6 2017264 1 2 463214 4.80 1 0 463214 463214.00 0.00 463214.00
7 2821615 1 2 143262 1.49 1 0 143262 143262.00 0.00 143262.00
8 2814000 1 2 124808 1.29 1 0 124808 124808.00 0.00 124808.00
9 2816365 1 3 98540 1.02 1 0 98540 98540.00 0.00 98540.00
10 2828060 1 4 139942 1.45 2 0 94062 69971.00 0.00 69971.00
11 2830124 1 1 90100 0.93 1 0 90100 90100.00 0.00 90100.00
12 2016706 1 20 87100 0.90 1 0 87100 87100.00 0.00 87100.00
13 2015968 1 8 179440 1.86 3 0 85882 59813.33 0.00 59813.33
14 2826256 1 2 239862 2.49 3 0 83488 79954.00 0.00 79954.00
15 2024771 1 1 212080 2.20 6 0 82652 35346.67 0.00 35346.67
16 2816165 1 5 218260 2.26 3 0 80324 72753.33 0.00 72753.33
17 2014701 1 12 136056 1.41 4 0 79524 34014.00 0.00 34014.00
18 2021413 1 2 77836 0.81 1 0 77836 77836.00 0.00 77836.00
19 2019094 1 5 75104 0.78 1 0 75104 75104.00 0.00 75104.00
20 2809363 1 3 74914 0.78 1 0 74914 74914.00 0.00 74914.00
21 2807440 1 3 73360 0.76 1 0 73360 73360.00 0.00 73360.00
22 2828986 1 2 124602 1.29 2 0 72552 62301.00 0.00 62301.00
23 2022334 1 2 72440 0.75 1 0 72440 72440.00 0.00 72440.00
24 2823858 1 3 69164 0.72 1 0 69164 69164.00 0.00 69164.00
25 2023083 1 2 166374 1.73 3 0 67600 55458.00 0.00 55458.00
26 2807970 1 8 67584 0.70 1 0 67584 67584.00 0.00 67584.00
27 2022901 1 2 66292 0.69 1 0 66292 66292.00 0.00 66292.00
28 2830036 1 1 123954 1.29 2 0 66108 61977.00 0.00 61977.00
29 2821471 1 2 64826 0.67 1 0 64826 64826.00 0.00 64826.00
30 2016759 1 1 178028 1.85 3 0 63572 59342.67 0.00 59342.67
31 2814214 1 3 62972 0.65 1 0 62972 62972.00 0.00 62972.00
32 2802880 1 3 61174 0.63 1 0 61174 61174.00 0.00 61174.00
33 2809267 1 8 60754 0.63 1 0 60754 60754.00 0.00 60754.00
34 2803760 1 3 85360 0.89 2 0 58516 42680.00 0.00 42680.00
35 2830035 1 2 57158 0.59 1 0 57158 57158.00 0.00 57158.00
36 2807793 1 4 55484 0.58 1 0 55484 55484.00 0.00 55484.00
37 2829848 1 2 102060 1.06 2 0 55464 51030.00 0.00 51030.00
38 2812433 1 2 54196 0.56 1 0 54196 54196.00 0.00 54196.00
39 2829607 1 1 51190 0.53 1 0 51190 51190.00 0.00 51190.00
40 2815102 1 2 48078 0.50 1 0 48078 48078.00 0.00 48078.00
41 2815942 1 2 46866 0.49 1 0 46866 46866.00 0.00 46866.00
42 2829644 1 1 46786 0.49 1 0 46786 46786.00 0.00 46786.00
43 2809511 1 4 46694 0.48 1 0 46694 46694.00 0.00 46694.00
44 2017261 1 3 46422 0.48 1 0 46422 46422.00 0.00 46422.00
45 2025162 1 2 46204 0.48 1 0 46204 46204.00 0.00 46204.00
46 2020181 1 8 45932 0.48 1 0 45932 45932.00 0.00 45932.00
47 2017948 1 2 45716 0.47 1 0 45716 45716.00 0.00 45716.00
48 2017552 1 6 322072 3.34 10 0 45154 32207.20 0.00 32207.20
49 2024196 1 3 43202 0.45 1 0 43202 43202.00 0.00 43202.00
50 2014967 1 3 42900 0.44 1 0 42900 42900.00 0.00 42900.00
51 2811577 1 2 46520 0.48 2 0 41246 23260.00 0.00 23260.00
52 2012707 1 5 72964 0.76 2 0 36670 36482.00 0.00 36482.00
53 2816668 1 3 35706 0.37 1 0 35706 35706.00 0.00 35706.00
54 2024606 1 2 35450 0.37 1 0 35450 35450.00 0.00 35450.00
55 2023316 1 2 35144 0.36 1 0 35144 35144.00 0.00 35144.00
56 2816899 1 2 34742 0.36 1 0 34742 34742.00 0.00 34742.00
57 2018793 1 4 34690 0.36 1 0 34690 34690.00 0.00 34690.00
58 2016809 1 5 34416 0.36 1 0 34416 34416.00 0.00 34416.00
59 2014702 1 9 67354 0.70 4 0 32784 16838.50 0.00 16838.50
60 2826281 1 2 56590 0.59 2 0 29160 28295.00 0.00 28295.00
61 2022543 1 1 54630 0.57 2 0 28966 27315.00 0.00 27315.00
62 2024513 1 5 54874 0.57 2 0 28372 27437.00 0.00 27437.00
63 2802876 1 3 28184 0.29 1 0 28184 28184.00 0.00 28184.00
64 2014703 1 9 63434 0.66 4 0 27832 15858.50 0.00 15858.50
65 2811542 1 1 55978 0.58 3 0 25964 18659.33 0.00 18659.33
66 2809272 1 1 31680 0.33 2 0 25792 15840.00 0.00 15840.00
67 2819882 1 2 25478 0.26 1 0 25478 25478.00 0.00 25478.00
68 2810055 1 2 48744 0.51 2 0 24876 24372.00 0.00 24372.00
69 2823937 1 13 47786 0.50 2 0 24424 23893.00 0.00 23893.00
70 2019230 1 2 30020 0.31 2 0 24412 15010.00 0.00 15010.00
71 2811544 1 1 29356 0.30 2 0 24064 14678.00 0.00 14678.00
72 2016323 1 1 26316 0.27 3 0 15826 8772.00 0.00 8772.00
73 2810793 1 5 19840 0.21 3 0 9324 6613.33 0.00 6613.33
74 2811447 1 2 50996 0.53 9 0 8502 5666.22 0.00 5666.22
75 2828877 1 1 71646 0.74 13 0 8474 5511.23 0.00 5511.23
76 2025200 1 1 26720 0.28 4 0 7918 6680.00 0.00 6680.00
77 2008420 1 4 37326 0.39 6 0 7734 6221.00 0.00 6221.00
78 2805354 1 7 7400 0.08 1 0 7400 7400.00 0.00 7400.00
79 2802205 1 3 12302 0.13 2 0 7098 6151.00 0.00 6151.00
80 2008116 1 4 12896 0.13 2 0 7024 6448.00 0.00 6448.00
81 2010140 1 7 17156 0.18 3 0 7004 5718.67 0.00 5718.67
82 2010143 1 3 17422 0.18 3 0 6818 5807.33 0.00 5807.33
83 2804586 1 2 17690 0.18 3 0 6812 5896.67 0.00 5896.67
84 2010142 1 4 15804 0.16 3 0 6574 5268.00 0.00 5268.00
85 2023626 1 3 37180 0.39 7 0 6504 5311.43 0.00 5311.43
86 2828876 1 1 34084 0.35 6 0 6468 5680.67 0.00 5680.67
87 2023627 1 3 16922 0.18 3 0 6262 5640.67 0.00 5640.67
88 2023624 1 3 31378 0.33 6 0 6224 5229.67 0.00 5229.67
89 2816382 1 1 10692 0.11 2 0 6208 5346.00 0.00 5346.00
90 2009243 1 2 11496 0.12 2 0 6208 5748.00 0.00 5748.00
91 2100518 1 8 11472 0.12 2 0 6144 5736.00 0.00 5736.00
92 2019010 1 3 6142 0.06 1 0 6142 6142.00 0.00 6142.00
93 2100540 1 12 21324 0.22 4 0 6022 5331.00 0.00 5331.00
94 2008120 1 4 25270 0.26 5 0 6014 5054.00 0.00 5054.00
95 2019403 1 1 11026 0.11 2 0 6012 5513.00 0.00 5513.00
96 2102523 1 8 20392 0.21 4 0 5990 5098.00 0.00 5098.00
97 2023625 1 3 36252 0.38 7 0 5958 5178.86 0.00 5178.86
98 2023613 1 3 24638 0.26 5 0 5876 4927.60 0.00 4927.60
99 2023623 1 3 14894 0.15 3 0 5824 4964.67 0.00 4964.67
100 2828748 1 2 66120 0.69 13 0 5804 5086.15 0.00 5086.15
101 2013075 1 8 10320 0.11 2 0 5788 5160.00 0.00 5160.00
102 2019017 1 3 5776 0.06 1 0 5776 5776.00 0.00 5776.00
103 2023614 1 3 29576 0.31 6 0 5734 4929.33 0.00 4929.33
104 2100540 1 12 20870 0.22 4 0 5734 5217.50 0.00 5217.50
105 2823788 1 4 11236 0.12 2 0 5702 5618.00 0.00 5618.00
106 2023622 1 3 33798 0.35 7 0 5694 4828.29 0.00 4828.29
107 2100566 1 5 15388 0.16 3 0 5666 5129.33 0.00 5129.33
108 2016363 1 2 15780 0.16 3 0 5650 5260.00 0.00 5260.00
109 2009702 1 5 20586 0.21 4 0 5526 5146.50 0.00 5146.50
110 2021585 1 3 10976 0.11 2 0 5490 5488.00 0.00 5488.00
111 2811402 1 2 5438 0.06 1 0 5438 5438.00 0.00 5438.00
112 2001298 1 9 5322 0.06 1 0 5322 5322.00 0.00 5322.00
113 2021584 1 4 5284 0.05 1 0 5284 5284.00 0.00 5284.00
114 2802822 1 1 5274 0.05 1 0 5274 5274.00 0.00 5274.00
115 2019011 1 3 5274 0.05 1 0 5274 5274.00 0.00 5274.00
116 2801347 1 5 18652 0.19 4 0 5222 4663.00 0.00 4663.00
117 2823571 1 2 5208 0.05 1 0 5208 5208.00 0.00 5208.00
118 2023617 1 3 18872 0.20 4 0 5204 4718.00 0.00 4718.00
119 2008118 1 3 10086 0.10 2 0 5196 5043.00 0.00 5043.00
120 2008117 1 3 5158 0.05 1 0 5158 5158.00 0.00 5158.00
121 2023612 1 4 18472 0.19 4 0 5154 4618.00 0.00 4618.00
122 2102523 1 8 5148 0.05 1 0 5148 5148.00 0.00 5148.00
123 2802823 1 1 5000 0.05 1 0 5000 5000.00 0.00 5000.00
124 2023615 1 3 13874 0.14 3 0 4998 4624.67 0.00 4624.67
125 2019016 1 3