Filename: 123456.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.1548697948 seconds
Hash: bf33640071f0ba7015a2ccc660c6c262
Uploaded: 1557153254

Logfiles


suricata-4.0.0-etpro-all-alert-2019-05-06-T-14-34-37-05062019.1428-123456.pcap.txt - (11797 bytes)
10/01/2018-18:54:24.658428  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.1.75.167:57645 -> 10.1.75.4:53
10/01/2018-18:54:24.668530  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.1.75.167:63452 -> 10.1.75.4:53
10/01/2018-18:55:34.190234  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.107.177.240:80 -> 10.1.75.167:62049
10/01/2018-18:55:34.196300  [**] [1:2019837:3] ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 190.107.177.240:80 -> 10.1.75.167:62049
10/01/2018-18:56:04.357050  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:56:04.357050  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:56:04.357050  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:57:48.573073  [**] [1:2021997:3] ET POLICY External IP Lookup api.ipify.org [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.75.167:62060 -> 54.243.123.39:80
10/01/2018-19:00:42.319389  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:01:07.982124  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62072 -> 192.161.54.60:80
10/01/2018-19:01:07.982128  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:08.383375  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:08.383375  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:10.784194  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.784245  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.992560  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.009700  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.012335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.022919  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.025328  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.051549  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.054326  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.088039  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.091481  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:34.635891  [**] [1:2830243:2] ETPRO TROJAN W32/Trickbot C2 (networkDll module) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62339 -> 200.29.24.36:8082
10/01/2018-19:01:34.635891  [**] [1:2100494:12] GPL ATTACK_RESPONSE command completed [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.75.167:62339 -> 200.29.24.36:8082
10/01/2018-19:01:36.119620  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:36.122134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.122555  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.337415  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.366571  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.369202  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.373114  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.376181  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.390335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.396271  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.470057  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.495886  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:54.720050  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:55.278718  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62072 -> 192.161.54.60:80
10/01/2018-19:01:55.278959  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:55.676464  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:07:16.589310  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:27.825926  [**] [1:2830243:2] ETPRO TROJAN W32/Trickbot C2 (networkDll module) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.4:63614 -> 200.29.24.36:8082
10/01/2018-19:07:27.825926  [**] [1:2100494:12] GPL ATTACK_RESPONSE command completed [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.75.4:63614 -> 200.29.24.36:8082
10/01/2018-19:07:50.242736  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.4:63620 -> 192.161.54.60:80
10/01/2018-19:07:50.242915  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:50.643620  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:50.643620  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:57.354868  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.4:63620 -> 192.161.54.60:80
10/01/2018-19:07:57.355018  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:58.143786  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:09:44.887134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62349 -> 10.1.75.4:445


packet_stats.log - (15300 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            12          3372428      708155592     238415964          2.9b    0.02
 IPv4       6          9010          4357346     2553248560    1453296349      13094.2b   95.07
 IPv4      17           485          2559868     2553047249    1394750445        676.5b    4.91
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            12            88842         131339         97446          1.2m    0.04
TMM_FLOWWORKER              IPv4       6          9010            62032       27098845        298940          2.7b   91.32
TMM_FLOWWORKER              IPv4      17           485           132310       17040821        354118        171.7m    5.82
TMM_RECEIVEPCAPFILE         IPv4       2            12             2557           3135          2783         33.4k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          8843             2540       10195027          5114         45.2m    1.53
TMM_RECEIVEPCAPFILE         IPv4      17           485             2551          12066          2753          1.3m    0.05
TMM_DECODEPCAPFILE          IPv4       2            12             2658           3700          3030         36.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6          8843             2656        4513432          3945         34.9m    1.18
TMM_DECODEPCAPFILE          IPv4      17           485             2671          39648          3128          1.5m    0.05

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          8843             2811         110871          3323         29.4m  1.09  
flow                    IPv4      17           485             2820          54923          3693          1.8m  0.07  
stream                  IPv4       6          9010             2643         264204          6828         61.5m  2.29  
app-layer               IPv4      17           485             2532          35641          5361          2.6m  0.10  
detect                  IPv4       2            12            83401         114008         90602          1.1m  0.04  
detect                  IPv4       6          9010            44045       27041739        268937          2.4b  90.18 
detect                  IPv4      17           485           115485       15425192        288742        140.0m  5.21  
tcp-prune               IPv4       6          9010             2545          55369          3035         27.4m  1.02  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            19             2941          67000         19682        374.0k  28.98 
http                    IPv4      17             3            68583          68583         68583        205.7k  15.95 
smb                     IPv4       6            20             2671           3473          2959         59.2k  4.59  
smb2                    IPv4       6             2             2658           2688          2673          5.3k  0.41  
dcerpc                  IPv4       6            50             2629          30671          3567        178.4k  13.82 
dcerpc                  IPv4      17             1             2631           2631          2631          2.6k  0.20  
dns                     IPv4       6             1             4731           4731          4731          4.7k  0.37  
dns                     IPv4      17            73             3029          13890          6306        460.3k  35.68 
Proto detect            IPv4       6            61             2700          23331          3913        238.7k
Proto detect            IPv4      17            93             2735          18820          5947        553.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            47            13951         111304         42600          2.0m  5.86  
LOGGER_ALERT_FAST           IPv4      17             2            25482          85033         55257        110.5k  0.32  
LOGGER_UNIFIED2             IPv4       6            47            17885         237059         53962          2.5m  7.42  
LOGGER_UNIFIED2             IPv4      17             2            70264         117535         93899        187.8k  0.55  
LOGGER_JSON_ALERT           IPv4       6            47            36738         153855         73606          3.5m  10.12 
LOGGER_JSON_ALERT           IPv4      17             2            47974          64814         56394        112.8k  0.33  
LOGGER_JSON_DNS             IPv4       6             2            63065          92610         77837        155.7k  0.46  
LOGGER_JSON_DNS             IPv4      17            60            26516       16506851        350624         21.0m  61.57 
LOGGER_JSON_HTTP            IPv4       6            21            37518         188879        119489          2.5m  7.34  
LOGGER_JSON_FILE            IPv4       6            21            53092         163464         97993          2.1m  6.02  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          5845             2551       13649469         24789       144.9m  19.24 
payload                           IPv4      17           485             3370         126827         14898         7.2m  0.96  
stream                            IPv4       6          5845             2524        5572841         36130       211.2m  28.04 
http_uri                          IPv4       6            21             4312          46692         13639       286.4k  0.04  
http_request_line                 IPv4       6            21             4288          17440          7752       162.8k  0.02  
http_client_body                  IPv4       6            30             2636         397842         28781       863.4k  0.11  
http_header (request)             IPv4       6            21             8894         157238         66744         1.4m  0.19  
http_header (request trailer)     IPv4       6            21             2606           3457          2718        57.1k  0.01  
http_header_names (request)       IPv4       6            21             6597          31271         19561       410.8k  0.05  
http_accept (request)             IPv4       6            21             3183          17609          4655        97.8k  0.01  
http_referer (request)            IPv4       6            21             2818          36895          4888       102.7k  0.01  
http_content_len (request)        IPv4       6            21             2798          16558          4564        95.9k  0.01  
http_content_type (request)       IPv4       6            21             2811          32879          5521       116.0k  0.02  
http_protocol (request)           IPv4       6            21             3879           6357          5296       111.2k  0.01  
http_start (request)              IPv4       6            21             6496          83997         18228       382.8k  0.05  
http_raw_header (request)         IPv4       6            30             3693         115270         16238       487.1k  0.06  
http_method                       IPv4       6            21             4416          20997          6596       138.5k  0.02  
http_cookie (request)             IPv4       6            21             2828          43570          8058       169.2k  0.02  
http_raw_uri                      IPv4       6            21             2853           9937          5278       110.8k  0.01  
http_user_agent                   IPv4       6            21             2947         105190         29459       618.6k  0.08  
http_host                         IPv4       6            21             3967          19932          6339       133.1k  0.02  
dns_query                         IPv4       6             1            12933          12933         12933        12.9k  0.00  
dns_query                         IPv4      17            30             3524          24033         12112       363.4k  0.05  
http_response_line                IPv4       6            21             3310          15641          8835       185.5k  0.02  
http_header (response)            IPv4       6            21             7055          78151         39394       827.3k  0.11  
http_header (response trailer)    IPv4       6            21             2591         116415         15493       325.4k  0.04  
http_content_type (response)      IPv4       6            21             3510          24442          8791       184.6k  0.02  
http_raw_header (response)        IPv4       6          2892             3472          95051          4470        12.9m  1.72  
http_cookie (response)            IPv4       6            21             3050          41502          5885       123.6k  0.02  
http_stat_code                    IPv4       6            21             2905          42759          6172       129.6k  0.02  
file_data (http response)         IPv4       6          2871             2569        3264019        128566       369.1m  49.00 
Total                             IPv4                 18491                                         40735       753.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            12            36674          63400         42268        507.2k  0.01  
PROF_DETECT_IPONLY          IPv4       6           252             3194         109907         40130         10.1m  0.29  
PROF_DETECT_IPONLY          IPv4      17           104            28964          80096         43402          4.5m  0.13  
PROF_DETECT_RULES           IPv4       2            12             2542           2579          2554         30.7k  0.00  
PROF_DETECT_RULES           IPv4       6          9010             2531       26233221        106445        959.1m  27.83 
PROF_DETECT_RULES           IPv4      17           485            55643       15276050        198002         96.0m  2.79  
PROF_DETECT_STATEFUL_START    IPv4       6          2915             5111        5819431         80901        235.8m  6.84  
PROF_DETECT_STATEFUL_CONT    IPv4       2            12             2522           2802          2626         31.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          9010             2514        5589281         11885        107.1m  3.11  
PROF_DETECT_STATEFUL_CONT    IPv4      17           485             2519          48034          3717          1.8m  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          6806             2551          47121          2811         19.1m  0.56  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            60             2591           4843          2966        178.0k  0.01  
PROF_DETECT_PREFILTER       IPv4       2            12             7789           9675          8349        100.2k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          9010             7741       13675156        109094        982.9m  28.52 
PROF_DETECT_PREFILTER       IPv4      17           485            24408         151485         40206         19.5m  0.57  
PROF_DETECT_PF_PAYLOAD      IPv4       6          5845            12891       13662143         69296        405.0m  11.75 
PROF_DETECT_PF_PAYLOAD      IPv4      17           485             8641         132158         20450          9.9m  0.29  
PROF_DETECT_PF_TX           IPv4       6          6806             2578        3278871         62889        428.0m  12.42 
PROF_DETECT_PF_TX           IPv4      17            30             8887          30102         18001        540.1k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          4318             2531          57716          3748         16.2m  0.47  
PROF_DETECT_PF_SORT1        IPv4      17           485             2753          63464          3970          1.9m  0.06  
PROF_DETECT_PF_SORT2        IPv4       2            12             2522           2804          2604         31.3k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          9010             2519          64410          2960         26.7m  0.77  
PROF_DETECT_PF_SORT2        IPv4      17           485             2558          19004          2957          1.4m  0.04  
PROF_DETECT_NONMPMLIST      IPv4       2            12             2533           2807          2729         32.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          9010             2529          81087          2990         26.9m  0.78  
PROF_DETECT_NONMPMLIST      IPv4      17           485             2533          32957          3026          1.5m  0.04  
PROF_DETECT_ALERT           IPv4       2            12             2536           2824          2594         31.1k  0.00  
PROF_DETECT_ALERT           IPv4       6          9010             2525        2386435          3129         28.2m  0.82  
PROF_DETECT_ALERT           IPv4      17           485             2528          15065          2739          1.3m  0.04  
PROF_DETECT_CLEANUP         IPv4       2            12             2518           2588          2548         30.6k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          9010             2553         169517          2964         26.7m  0.78  
PROF_DETECT_CLEANUP         IPv4      17           485             2525          44590          3022          1.5m  0.04  
PROF_DETECT_GETSGH          IPv4       2            12             2619           2849          2765         33.2k  0.00  
PROF_DETECT_GETSGH          IPv4       6          9010             2524        1481536          3437         31.0m  0.90  
PROF_DETECT_GETSGH          IPv4      17           485             2580          36292          4342          2.1m  0.06  


stats.log - (3769 bytes)
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 14:34:37 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 9340
decoder.bytes                              | Total                     | 5948462
decoder.ipv4                               | Total                     | 9340
decoder.ethernet                           | Total                     | 9340
decoder.tcp                                | Total                     | 8843
decoder.udp                                | Total                     | 485
decoder.avg_pkt_size                       | Total                     | 636
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 128
flow.udp                                   | Total                     | 66
tcp.sessions                               | Total                     | 128
tcp.syn                                    | Total                     | 129
tcp.synack                                 | Total                     | 124
tcp.rst                                    | Total                     | 95
tcp.reassembly_gap                         | Total                     | 24
detect.alert                               | Total                     | 59
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 15
app_layer.tx.http                          | Total                     | 21
app_layer.flow.smb                         | Total                     | 8
app_layer.flow.dcerpc_tcp                  | Total                     | 10
app_layer.flow.dns_tcp                     | Total                     | 1
app_layer.tx.dns_tcp                       | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 41
app_layer.flow.dns_udp                     | Total                     | 30
app_layer.tx.dns_udp                       | Total                     | 30
app_layer.flow.failed_udp                  | Total                     | 36
flow_mgr.closed_pruned                     | Total                     | 51
flow_mgr.new_pruned                        | Total                     | 29
flow_mgr.est_pruned                        | Total                     | 36
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 172
flow_mgr.flows_notimeout                   | Total                     | 11
flow_mgr.flows_timeout                     | Total                     | 161
flow_mgr.flows_timeout_inuse               | Total                     | 59
flow_mgr.flows_removed                     | Total                     | 102
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65364
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7123840


eve.json - (73659 bytes) - download
{"timestamp":"2018-10-01T18:54:16.743122+0000","flow_id":259158013662930,"pcap_cnt":13,"event_type":"dns","src_ip":"10.1.75.167","src_port":64439,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16935,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.743123+0000","flow_id":259158013662930,"pcap_cnt":14,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":64439,"proto":"UDP","dns":{"type":"answer","id":16935,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:16.745869+0000","flow_id":1601236509417869,"pcap_cnt":15,"event_type":"dns","src_ip":"10.1.75.167","src_port":49641,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11190,"rrname":"pixelshine-dc.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.745869+0000","flow_id":1601236509417869,"pcap_cnt":16,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49641,"proto":"UDP","dns":{"type":"answer","id":11190,"rcode":"NOERROR","rrname":"pixelshine-dc.pixelshine.net","rrtype":"A","ttl":3600,"rdata":"10.1.75.4"}}
{"timestamp":"2018-10-01T18:54:16.956644+0000","flow_id":270984206129380,"pcap_cnt":73,"event_type":"dns","src_ip":"10.1.75.167","src_port":63036,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14622,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.956840+0000","flow_id":270984206129380,"pcap_cnt":74,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63036,"proto":"UDP","dns":{"type":"answer","id":14622,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.741935+0000","flow_id":1175772754170415,"pcap_cnt":169,"event_type":"dns","src_ip":"10.1.75.167","src_port":56893,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52982,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.741936+0000","flow_id":769333556498992,"pcap_cnt":170,"event_type":"dns","src_ip":"10.1.75.167","src_port":60070,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41098,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.742174+0000","flow_id":1175772754170415,"pcap_cnt":171,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":56893,"proto":"UDP","dns":{"type":"answer","id":52982,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.742175+0000","flow_id":769333556498992,"pcap_cnt":172,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":60070,"proto":"UDP","dns":{"type":"answer","id":41098,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.858858+0000","flow_id":1245555235298026,"pcap_cnt":222,"event_type":"dns","src_ip":"10.1.75.167","src_port":54310,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21485,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.858995+0000","flow_id":1245555235298026,"pcap_cnt":223,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":54310,"proto":"UDP","dns":{"type":"answer","id":21485,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.954574+0000","flow_id":1511162455363790,"pcap_cnt":250,"event_type":"dns","src_ip":"10.1.75.167","src_port":62702,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60434,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.954699+0000","flow_id":1511162455363790,"pcap_cnt":251,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":62702,"proto":"UDP","dns":{"type":"answer","id":60434,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:18.094689+0000","flow_id":1646597806649825,"pcap_cnt":285,"event_type":"dns","src_ip":"10.1.75.167","src_port":49392,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64642,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.PixelShine-DC.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:18.094818+0000","flow_id":1646597806649825,"pcap_cnt":286,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49392,"proto":"UDP","dns":{"type":"answer","id":64642,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.PixelShine-DC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:18.094818+0000","flow_id":1646597806649825,"pcap_cnt":286,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49392,"proto":"UDP","dns":{"type":"answer","id":64642,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:18.095235+0000","flow_id":1943036449420291,"pcap_cnt":287,"event_type":"dns","src_ip":"10.1.75.167","src_port":50255,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40367,"rrname":"_ldap._tcp.PixelShine-DC.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:18.095313+0000","flow_id":1943036449420291,"pcap_cnt":288,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50255,"proto":"UDP","dns":{"type":"answer","id":40367,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.PixelShine-DC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:18.095313+0000","flow_id":1943036449420291,"pcap_cnt":288,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50255,"proto":"UDP","dns":{"type":"answer","id":40367,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:19.671733+0000","flow_id":991129962758133,"pcap_cnt":433,"event_type":"dns","src_ip":"10.1.75.167","src_port":50034,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44663,"rrname":"wpad.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:19.671927+0000","flow_id":991129962758133,"pcap_cnt":434,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50034,"proto":"UDP","dns":{"type":"answer","id":44663,"rcode":"NXDOMAIN","rrname":"wpad.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:19.671927+0000","flow_id":991129962758133,"pcap_cnt":434,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50034,"proto":"UDP","dns":{"type":"answer","id":44663,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:20.089129+0000","flow_id":1993680556416041,"pcap_cnt":439,"event_type":"dns","src_ip":"10.1.75.167","src_port":57197,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51041,"rrname":"isatap.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.089130+0000","flow_id":1993680556416041,"pcap_cnt":440,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57197,"proto":"UDP","dns":{"type":"answer","id":51041,"rcode":"NXDOMAIN","rrname":"isatap.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:20.089130+0000","flow_id":1993680556416041,"pcap_cnt":440,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57197,"proto":"UDP","dns":{"type":"answer","id":51041,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:20.099765+0000","flow_id":1141984246662581,"pcap_cnt":441,"event_type":"dns","src_ip":"10.1.75.167","src_port":59409,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55016,"rrname":"PixelShine-DC.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.099766+0000","flow_id":1141984246662581,"pcap_cnt":442,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":59409,"proto":"UDP","dns":{"type":"answer","id":55016,"rcode":"NOERROR","rrname":"PixelShine-DC.pixelshine.net","rrtype":"A","ttl":3600,"rdata":"10.1.75.4"}}
{"timestamp":"2018-10-01T18:54:20.190148+0000","flow_id":645047940605636,"pcap_cnt":446,"event_type":"dns","src_ip":"10.1.75.167","src_port":49492,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37165,"rrname":"isatap.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.326375+0000","flow_id":645047940605636,"pcap_cnt":447,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":37165,"rcode":"NXDOMAIN","rrname":"isatap.localdomain"}}
{"timestamp":"2018-10-01T18:54:22.249954+0000","flow_id":1924660432130146,"pcap_cnt":484,"event_type":"dns","src_ip":"10.1.75.167","src_port":63274,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32684,"rrname":"www.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":1924660432130146,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"www.msftncsi.com","rrtype":"CNAME","ttl":1984,"rdata":"www.msftncsi.com.edgesuite.net"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":1924660432130146,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"www.msftncsi.com.edgesuite.net","rrtype":"CNAME","ttl":19,"rdata":"a1961.g2.akamai.net"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":1924660432130146,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":18,"rdata":"104.86.111.155"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":1924660432130146,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":18,"rdata":"104.86.110.251"}}
{"timestamp":"2018-10-01T18:54:22.675083+0000","flow_id":1276597111771374,"pcap_cnt":528,"event_type":"http","src_ip":"10.1.75.167","src_port":49188,"dest_ip":"104.86.111.155","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2018-10-01T18:54:22.675240+0000","flow_id":1276597111771374,"pcap_cnt":530,"event_type":"fileinfo","src_ip":"104.86.111.155","src_port":80,"dest_ip":"10.1.75.167","dest_port":49188,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.656799+0000","flow_id":585100934776223,"pcap_cnt":531,"event_type":"dns","src_ip":"10.1.75.167","src_port":63164,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33873,"rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.657043+0000","flow_id":585100934776223,"pcap_cnt":532,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63164,"proto":"UDP","dns":{"type":"answer","id":33873,"rcode":"NOERROR","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:24.658428+0000","flow_id":1809321232960508,"pcap_cnt":533,"event_type":"alert","src_ip":"10.1.75.167","src_port":57645,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-10-01T18:54:24.658428+0000","flow_id":1809321232960508,"pcap_cnt":533,"event_type":"dns","src_ip":"10.1.75.167","src_port":57645,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63673,"rrname":"pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1809321232960508,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1809321232960508,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"CNAME","ttl":0,"rdata":"Rigsby-Win-PC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1809321232960508,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"AAAA","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1809321232960508,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"A","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1809321232960508,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"A","ttl":1200,"rdata":"10.1.75.167"}}
{"timestamp":"2018-10-01T18:54:24.667386+0000","flow_id":2113031255366921,"pcap_cnt":554,"event_type":"dns","src_ip":"10.1.75.167","src_port":62032,"dest_ip":"10.1.75.4","dest_port":53,"proto":"TCP","dns":{"type":"query","id":33166,"rrname":"1040-ms-7.1-5b96.66e80234-c5ab-11e8-64b6-0001e669535a","rrtype":"TKEY","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.668277+0000","flow_id":2113031255366921,"pcap_cnt":557,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":62032,"proto":"TCP","dns":{"type":"answer","id":33166,"rcode":"NOERROR","rrtype":"TKEY","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.668530+0000","flow_id":1332487521317746,"pcap_cnt":559,"event_type":"alert","src_ip":"10.1.75.167","src_port":63452,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-10-01T18:54:24.668530+0000","flow_id":1332487521317746,"pcap_cnt":559,"event_type":"dns","src_ip":"10.1.75.167","src_port":63452,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":849,"rrname":"pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.770324+0000","flow_id":1332487521317746,"pcap_cnt":560,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63452,"proto":"UDP","dns":{"type":"answer","id":849,"rcode":"NOERROR","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"CNAME","ttl":0,"rdata":"Rigsby-Win-PC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.770324+0000","flow_id":1332487521317746,"pcap_cnt":560,"event_type":"dns","src_ip":"10.1.75.4","src_port":

This file has been truncated. Go here to download in full.


unified2.alert.1557153274 - (118466 bytes) - download

This file has been truncated. Go here to download in full.


suricata-report-2019-05-06-T-14-34-37-05062019.1428-123456.pcap.txt - (17545 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf33640071f0ba7015a2ccc660c6c26256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1428-123456.pcap -vvv -k none
elapsedtime:22.252114
stderr:
stdout:
6/5/2019 -- 14:34:15 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 14:34:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 14:34:15 - <Info> - CPUs/cores online: 1
6/5/2019 -- 14:34:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32748 and 'request-body-inspect-window' set to 16974 after randomization.
6/5/2019 -- 14:34:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34195 and 'response-body-inspect-window' set to 16147 after randomization.
6/5/2019 -- 14:34:15 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 14:34:15 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 14:34:15 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 14:34:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 14:34:15 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 14:34:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 14:34:15 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 14:34:15 - <Config> - Core dump size is unlimited.
6/5/2019 -- 14:34:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 14:34:15 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 14:34:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 14:34:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 14:34:15 - <Config> - stream "memcap": 33554432
6/5/2019 -- 14:34:15 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 14:34:15 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 14:34:15 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 14:34:15 - <Config> - stream."inline": disabled
6/5/2019 -- 14:34:15 - <Config> - stream "bypass": disabled
6/5/2019 -- 14:34:15 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly "toserver-chunk-size": 2609
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly "toclient-chunk-size": 2644
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 14:34:15 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 14:34:15 - <Config> - Delayed detect disabled
6/5/2019 -- 14:34:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 14:34:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 14:34:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 14:34:15 - <Config> - prefilter engines: MPM
6/5/2019 -- 14:34:15 - <Config> - IP reputation disabled
6/5/2019 -- 14:34:15 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 14:34:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
6/5/2019 -- 14:34:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
6/5/2019 -- 14:34:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
6/5/2019 -- 14:34:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
6/5/2019 -- 14:34:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
6/5/2019 -- 14:34:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
6/5/2019 -- 14:34:20 - <Config> - No rules loaded from ET-icmp.rules.
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
6/5/2019 -- 14:34:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
6/5/2019 -- 14:34:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
6/5/2019 -- 14:34:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
6/5/2019 -- 14:34:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
6/5/2019 -- 14:34:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
6/5/2019 -- 14:34:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
6/5/2019 -- 14:34:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
6/5/2019 -- 14:34:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
6/5/2019 -- 14:34:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
6/5/2019 -- 14:34:27 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 14:34:27 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
6/5/2019 -- 14:34:27 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 14:34:28 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 14:34:28 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
6/5/2019 -- 14:34:28 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 14:34:28 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
6/5/2019 -- 14:34:28 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
6/5/2019 -- 14:34:28 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
6/5/2019 -- 14:34:28 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
6/5/2019 -- 14:34:28 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
6/5/2019 -- 14:34:28 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 14:34:32 - <Perf> - Unique rule groups: 104
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
6/5/2019 -- 14:34:32 - <Perf> - Builtin MPM "other IP packet": 3
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_header": 10
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_header": 6
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_method": 5
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 14:34:32 - <Perf> - AppLayer MPM "toclient file_data": 7
6/5/2019 -- 14:34:34 - <Perf> - Registered 39590 rule profiling counters.
6/5/2019 -- 14:34:34 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 14:34:34 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 14:34:34 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 14:34:34 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 14:34:34 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 14:34:34 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 14:34:34 - <Info> - reading pcap file /var/pcap/05062019.1428-123456.pcap
6/5/2019 -- 14:34:34 - <Config> - using 1 flow manager threads
6/5/2019 -- 14:34:34 - <Config> - using 1 flow recycler threads
6/5/2019 -- 14:34:34 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
6/5/2019 -- 14:34:34 - <Info> - No packets with i

This file has been truncated.


keyword_perf.log - (19788 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 14:34:37
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            176948          47              47              42273           3764.00         3764.00         0.00           
  dsize            16482           3               3               10243           5494.00         5494.00         0.00           
  flow             39955418        13320           13320           76113           2999.00         2999.00         0.00           
  threshold        254299          51              4               21174           4986.00         6554.00         4852.00        
  content          229652911       20980           10636           5514367         10946.00        11289.00        10593.00       
  pcre             5471104         1234            217             38365           4433.00         5231.00         4263.00        
  byte_test        16087620        5312            2258            50127           3028.00         3004.00         3046.00        
  byte_jump        6558926         2157            991             57120           3040.00         3049.00         3033.00        
  isdataat         74267           27              6               3003            2750.00         2649.00         2779.00        
  flowbits         16987170        5786            188             56104           2935.00         3689.00         2910.00        
  urilen           866052          240             48              74529           3608.00         5461.00         3145.00        
  byte_extract     166646          49              49              4769            3400.00         3400.00         0.00           
  dce_iface        3098491         1096            0               21895           2827.00         0.00            2827.00        
  asn1             102098          7               0               32411           14585.00        0.00            14585.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            176948          47              47              42273           3764.00         3764.00         0.00           
  dsize            16482           3               3               10243           5494.00         5494.00         0.00           
  flow             39955418        13320           13320           76113           2999.00         2999.00         0.00           
  flowbits         16749270        5731            133             56104           2922.00         3427.00         2910.00        
  asn1             102098          7               0               32411           14585.00        0.00            14585.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          76938291        13957           8348            1899534         5512.00         5894.00         4944.00        
  pcre             1514143         331             111             25239           4574.00         4074.00         4826.00        
  byte_test        16076775        5310            2258            50127           3027.00         3004.00         3044.00        
  byte_jump        6425005         2116            950             57120           3036.00         3039.00         3033.00        
  isdataat         74267           27              6               3003            2750.00         2649.00         2779.00        
  byte_extract     166646          49              49              4769            3400.00         3400.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         237900          55              55              9911            4325.00         4325.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        254299          51              4               21174           4986.00         6554.00         4852.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6162201         165             62              5514367         37346.00        93057.00        3811.00        
  pcre             484519          65              16              20612           7454.00         9183.00         6889.00        
  urilen           866052          240             48              74529           3608.00         5461.00         3145.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          395353          46              13              63163           8594.00         8399.00         8671.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          66673           20              0               3923            3333.00         0.00            3333.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          139455518       5258            1135            305383          26522.00        53113.00        19202.00       
  pcre             2486377         676             2               38365           3678.00         10310.00        3658.00        
  byte_test        4603            1               0               4603            4603.00         0.00            4603.00        
  byte_jump        133921          41              41              15361           3266.00         3266.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4799100         1093            826             55146           4390.00         4349.00         4519.00        
  pcre             808776          131             66              22778           6173.00         6069.00         6280.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          376523          75              40              59462           5020.00         4692.00         5394.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4544            1               1               4544            4544.00         4544.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        6242            1               0               6242            6242.00         0.00            6242.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          56048           16              16              4784            3503.00         3503.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21092           6               6               4176            3515.00         3515.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30026           7               0               4634            4289.00         0.00            4289.00        
  pcre             52623           7               0               11753           7517.00         0.00            7517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          227062          55              25              26209           4128.00         4719.00         3635.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_cookie
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             40729           6               6               7478            6788.00         6788.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats f

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-05-06-T-14-34-37-05062019.1428-123456.pcap.txt - (136277 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 14:34:37. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2024650      1        1        32229315     3.81   451      0        25815111    71461.90    0.00        71461.90   
  2        2811577      1        2        15300809     1.81   13       0        15152966    1176985.31  0.00        1176985.31 
  3        2023627      1        3        8524386      1.01   419      0        7371698     20344.60    0.00        20344.60   
  4        2014958      1        1        8544796      1.01   244      0        5739999     35019.66    0.00        35019.66   
  5        2808793      1        3        5563103      0.66   1        0        5563103     5563103.00  0.00        5563103.00 
  6        2001330      1        8        13501382     1.60   3479     0        3410136     3880.82     0.00        3880.82    
  7        2823788      1        4        2561911      0.30   28       0        2427106     91496.82    0.00        91496.82   
  8        2022531      1        1        1912407      0.23   1        0        1912407     1912407.00  0.00        1912407.00 
  9        2802822      1        1        2058607      0.24   171      0        1560422     12038.64    0.00        12038.64   
  10       2017935      1        3        4342604      0.51   1097     0        1250827     3958.62     0.00        3958.62    
  11       2820157      1        2        47103829     5.57   293      0        456311      160763.92   0.00        160763.92  
  12       2820158      1        2        46959045     5.55   293      0        435351      160269.78   0.00        160269.78  
  13       2819664      1        2        32342440     3.82   211      0        329075      153281.71   0.00        153281.71  
  14       2809148      1        2        310360       0.04   1        0        310360      310360.00   0.00        310360.00  
  15       2819930      1        2        31555574     3.73   211      0        295212      149552.48   0.00        149552.48  
  16       2804911      1        3        7792062      0.92   132      0        281222      59030.77    0.00        59030.77   
  17       2016855      1        2        1299935      0.15   6        0        232465      216655.83   0.00        216655.83  
  18       2801930      1        7        7218756      0.85   135      0        229195      53472.27    0.00        53472.27   
  19       2020865      1        3        32133233     3.80   261      0        228487      123115.84   0.00        123115.84  
  20       2801929      1        7        7584895      0.90   135      0        226348      56184.41    0.00        56184.41   
  21       2802987      1        5        7404952      0.87   147      0        222255      50373.82    0.00        50373.82   
  22       2809149      1        2        218266       0.03   1        0        218266      218266.00   0.00        218266.00  
  23       2803027      1        6        8617233      1.02   135      0        209726      63831.36    0.00        63831.36   
  24       2019613      1        3        229375       0.03   7        1        209327      32767.86    209327.00   3341.33    
  25       2016854      1        3        1087092      0.13   6        0        198940      181182.00   0.00        181182.00  
  26       2012520      1        7        194262       0.02   1        1        194262      194262.00   194262.00   0.00       
  27       2830701      1        1        585694       0.07   6        0        191396      97615.67    0.00        97615.67   
  28       2804927      1        2        3548331      0.42   75       0        191297      47311.08    0.00        47311.08   
  29       2804907      1        3        3134185      0.37   54       0        184887      58040.46    0.00        58040.46   
  30       2803657      1        5        3681584      0.43   60       0        175311      61359.73    0.00        61359.73   
  31       2024769      1        2        681222       0.08   6        0        158353      113537.00   0.00        113537.00  
  32       2800993      1        1        7757876      0.92   204      0        146585      38028.80    0.00        38028.80   
  33       2012612      1        16       493826       0.06   15       0        145892      32921.73    0.00        32921.73   
  34       2806802      1        2        13045757     1.54   642      0        126928      20320.49    0.00        20320.49   
  35       2800996      1        1        6523399      0.77   204      0        126567      31977.45    0.00        31977.45   
  36       2019837      1        3        173859       0.02   11       1        123018      15805.36    123018.00   5084.10    
  37       2805985      1        2        1300913      0.15   21       0        121032      61948.24    0.00        61948.24   
  38       2802991      1        5        2076943      0.25   44       0        118899      47203.25    0.00        47203.25   
  39       2022050      1        3        1173456      0.14   21       0        114383      55878.86    0.00        55878.86   
  40       2018358      1        7        594186       0.07   7        0        114048      84883.71    0.00        84883.71   
  41       2016537      1        2        23244998     2.75   1607     4        113493      14464.84    63128.50    14343.41   
  42       2008575      1        5        9474059      1.12   1217     0        113146      7784.76     0.00        7784.76    
  43       2805348      1        4        6620212      0.78   141      0        111115      46951.86    0.00        46951.86   
  44       2018982      1        2        1266325      0.15   21       0        110449      60301.19    0.00        60301.19   
  45       2808234      1        1        1248004      0.15   21       0        109999      59428.76    0.00        59428.76   
  46       2014819      1        3        470657       0.06   6        6        105831      78442.83    78442.83    0.00       
  47       2829607      1        1        104223       0.01   1        1        104223      104223.00   104223.00   0.00       
  48       2025064      1        5        407813       0.05   9        0        102838      45312.56    0.00        45312.56   
  49       2807400      1        3        1256150      0.15   21       0        102536      59816.67    0.00        59816.67   
  50       2020569      1        1        1261839      0.15   21       0        101631      60087.57    0.00        60087.57   
  51       2103046      1        5        3715627      0.44   255      0        97426       14571.09    0.00        14571.09   
  52       2017748      1        6        3762230      0.44   250      0        96100       15048.92    0.00        15048.92   
  53       2103038      1        5        3417572      0.40   124      0        95994       27561.06    0.00        27561.06   
  54       2008438      1        20       1011254      0.12   21       0        95695       48154.95    0.00        48154.95   
  55       2823263      1        3        167773       0.02   3        0        93531       55924.33    0.00        55924.33   
  56       2009897      1        14       476486       0.06   21       0        92282       22689.81    0.00        22689.81   
  57       2021067      1        2        303392       0.04   6        6        87987       50565.33    50565.33    0.00       
  58       2018061      1        2        339949       0.04   10       0        87952       33994.90    0.00        33994.90   
  59       2024829      1        2        7168644      0.85   352      0        87254       20365.47    0.00        20365.47   
  60       2016143      1        3        3914366      0.46   261      0        86909       14997.57    0.00        14997.57   
  61       2018068      1        2        302026       0.04   7        0        86677       43146.57    0.00        43146.57   
  62       2017552      1        6        23083285     2.73   1624     0        85887       14213.85    0.00        14213.85   
  63       2102465      1        9        1657823      0.20   44       23       83600       37677.80    49474.48    24757.62   
  64       2804906      1        3        1751421      0.21   38       0        82189       46090.03    0.00        46090.03   
  65       2020607      1        3        213027       0.03   6        0        81933       35504.50    0.00        35504.50   
  66       2815451      1        2        3531907      0.42   312      0        79860       11320.21    0.00        11320.21   
  67       2816940      1        2        530442       0.06   9        0        79840       58938.00    0.00        58938.00   
  68       2809850      1        2        208621       0.02   6        0        79459       34770.17    0.00        34770.17   
  69       2019344      1        5        423151       0.05   7        1        79354       60450.14    79354.00    57299.50   
  70       2018959      1        3        638113       0.08   55       5        79288       11602.05    57886.40    6973.62    
  71       2816909      1        2        577543       0.07   9        0        79000       64171.44    0.00        64171.44   
  72       2014473      1        5        3569372      0.42   250      0        78676       14277.49    0.00        14277.49   
  73       2816394      1        2        280098       0.03   5        0        78325       56019.60    0.00        56019.60   
  74       2802042      1        3        534914       0.06   11       0        78231       48628.55    0.00        48628.55   
  75       2103022      1        4        4040844      0.48   124      0        78151       32587.45    0.00        32587.45   
  76       2009909      1        10       473071       0.06   21       0        77735       22527.19    0.00        22527.19   
  77       2806659      1        4        193193       0.02   6        0        77551       32198.83    0.00        32198.83   
  78       2023875      1        2        292029       0.03   7        0        77301       41718.43    0.00        41718.43   
  79       2816910      1        2        513524       0.06   9        0        75889       57058.22    0.00        57058.22   
  80       2018457      1        1        345803       0.04   11       0        75846       31436.64    0.00        31436.64   
  81       2023625      1        3        951539       0.11   323      0        75796       2945.94     0.00        2945.94    
  82       2816619      1        2        246201       0.03   5        0        75429       49240.20    0.00        49240.20   
  83       2018065      1        2        661579       0.08   14       0        75374       47255.64    0.00        47255.64   
  84       2821561      1        2        618179       0.07   14       0        74578       44155.64    0.00        44155.64   
  85       2822367      1        2        443872       0.05   28       0        74107       15852.57    0.00        15852.57   
  86       2102383      1        21       475064       0.06   12       0        74068       39588.67    0.00        39588.67   
  87       2828008      1        2        629571       0.07   17       0        73456       37033.59    0.00        37033.59   
  88       2815201      1        2        208546       0.02   7        0        73346       29792.29    0.00        29792.29   
  89       2020777      1        2        280625       0.03   8        0        73320       35078.12    0.00        35078.12   
  90       2025142      1        2        72931        0.01   1        0        72931       72931.00    0.00        72931.00   
  91       2018063      1        3        125672       0.01   2        0        72316       62836.00    0.00        62836.00   
  92       2018064      1        2        339655       0.04   12       0        72073       28304.58    0.00        28304.58   
  93       2810020      1        2        14574999     1.72   642      0        70742       22702.49    0.00        22702.49   
  94       2102954      1        4        1267320      0.15   44       0        70666       28802.73    0.00        28802.73   
  95       2816929      1        4        362663       0.04   9        0        70421       40295.89    0.00        40295.89   
  96       2020794      1        2        1221642      0.14   44       0        70172       27764.59    0.00        27764.59   
  97       2021954      1        2        815858       0.10   55       0        69168       14833.78    0.00        14833.78   
  98       2020181      1        8        69032        0.01   1        0        69032       69032.00    0.00        69032.00   
  99       2022773      1        2        166945       0.02   5        0        68912       33389.00    0.00        33389.00   
  100      2816525      1        10       335142       0.04   9        0        68714       37238.00    0.00        37238.00   
  101      2016503      1        2        3428881      0.41   234      0        67929       14653.34    0.00        14653.34   
  102      2807130      1        4        2878825      0.34   204      0        67362       14111.89    0.00        14111.89   
  103      2018062      1        2        171896       0.02   3        0        67135       57298.67    0.00        57298.67   
  104      2102979      1        4        122317       0.01   6        0        67002       20386.17    0.00        20386.17   
  105      2018066      1        2        294124       0.03   7        0        66875       42017.71    0.00        42017.71   
  106      2103019      1        5        1901465      0.22   642      0        66875       2961.78     0.00        2961.78    
  107      2018059      1        2        399944       0.05   28       0        66863       14283.71    0.00        14283.71   
  108      2018958      1        18       323315       0.04   7        0        66203       46187.86    0.00        46187.86   
  109      2023711      1        2        731611       0.09   55       0        65977       13302.02    0.00        13302.02   
  110      2023832      1        3        1039793      0.12   56       0        65700       18567.73    0.00        18567.73   
  111      2008276      1        15       203891       0.02   4        4        65526       50972.75    50972.75    0.00       
  112      2800995      1        1        4029444      0.48   204      0        65035       19752.18    0.00        19752.18   
  113      2018067      1        3        435171       0.05   54       0        64978       8058.72     0.00        8058.72    
  114      2810804      1        6        74364        0.01   4        0        64812       18591.00    0.00        18591.00   
  115      2830124      1        1        64580        0.01   1        0        64580       64580.00    0.00        64580.00   
  116      2020496      1        2        176554       0.02   4        0        64506       44138.50    0.00        44138.50   
  117      2103054      1        5        3539752      0.42   255      0        64344       13881.38    0.00        13881.38   
  118      2018374      1        2        282839       0.03   17       0        64139       16637.59    0.00        16637.59   
  119      2827279      1        5        581814       0.07   17       0        63934       34224.35    0.00        34224.35   
  120      2827757      1        3        63927        0.01   1        0        63927       63927.00    0.00        63927.00   
  121      2019881      1        3        291583       0.03   7        0        63662       41654.71    0.00        41654.71   
  122      2102471      1        12       1537200      0.18   48       2        63573       32025.00    45525.00    31438.04   
  123      2102468      1        9        1446672      0.17   48       0        63474       30139.00    0.00        30139.00   
  124      2020796      1        2        171652       0.02   5        0        63455       34330.40    0.00        34330.40   
  125      2103003      1        7        31

This file has been truncated. Go here to download in full.


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-05-06 14:34:14,363 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 14:34:15,091 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 14:34:15,091 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-06 14:34:15,092 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 14:34:15,092 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 14:34:15,092 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf33640071f0ba7015a2ccc660c6c26256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05062019.1428-123456.pcap -vvv -k none
2019-05-06 14:34:37,346 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 14:34:37,346 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.9909830093