Filename: 123456.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.98812603951 seconds
Hash: bf33640071f0ba7015a2ccc660c6c262 (prefix of the 64-hex-digit hash that names the output directory in lastcmd below)
Uploaded: 1557152885 (Unix epoch; 2019-05-06 14:28:05 UTC)

Logfiles


suricata-report-2019-05-06-T-14-28-15-05062019.1428-123456.pcap.txt - (17855 bytes)
lastcmd: ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/bf33640071f0ba7015a2ccc660c6c262d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05062019.1428-123456.pcap -vvv -k none
elapsedtime: 8.969101
stderr:
stdout:
6/5/2019 -- 14:28:06 - <Info> - Configuration node 'rule-files' redefined.
6/5/2019 -- 14:28:06 - <Notice> - This is Suricata version 4.0.0 RELEASE
6/5/2019 -- 14:28:06 - <Info> - CPUs/cores online: 1
6/5/2019 -- 14:28:06 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33573 and 'request-body-inspect-window' set to 16185 after randomization.
6/5/2019 -- 14:28:06 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33952 and 'response-body-inspect-window' set to 16526 after randomization.
6/5/2019 -- 14:28:06 - <Config> - DNS request flood protection level: 500
6/5/2019 -- 14:28:06 - <Config> - DNS per flow memcap (state-memcap): 524288
6/5/2019 -- 14:28:06 - <Config> - DNS global memcap: 16777216
6/5/2019 -- 14:28:06 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
6/5/2019 -- 14:28:06 - <Config> - preallocated 1000 hosts of size 136
6/5/2019 -- 14:28:06 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
6/5/2019 -- 14:28:06 - <Config> - using magic-file /usr/share/file/magic
6/5/2019 -- 14:28:06 - <Config> - Core dump size is unlimited.
6/5/2019 -- 14:28:06 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
6/5/2019 -- 14:28:06 - <Config> - preallocated 1000 defrag trackers of size 168
6/5/2019 -- 14:28:06 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
6/5/2019 -- 14:28:06 - <Config> - stream "prealloc-sessions": 2048 (per thread)
6/5/2019 -- 14:28:06 - <Config> - stream "memcap": 33554432
6/5/2019 -- 14:28:06 - <Config> - stream "midstream" session pickups: disabled
6/5/2019 -- 14:28:06 - <Config> - stream "async-oneside": disabled
6/5/2019 -- 14:28:06 - <Config> - stream "checksum-validation": disabled
6/5/2019 -- 14:28:06 - <Config> - stream."inline": disabled
6/5/2019 -- 14:28:06 - <Config> - stream "bypass": disabled
6/5/2019 -- 14:28:06 - <Config> - stream "max-synack-queued": 5
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly "memcap": 134217728
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly "depth": 0
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly "toserver-chunk-size": 2462
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly "toclient-chunk-size": 2628
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly.raw: enabled
6/5/2019 -- 14:28:06 - <Config> - stream.reassembly "segment-prealloc": 2048
6/5/2019 -- 14:28:06 - <Config> - Delayed detect disabled
6/5/2019 -- 14:28:06 - <Config> - pattern matchers: MPM: ac, SPM: bm
6/5/2019 -- 14:28:06 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
6/5/2019 -- 14:28:06 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
6/5/2019 -- 14:28:06 - <Config> - prefilter engines: MPM
6/5/2019 -- 14:28:06 - <Config> - IP reputation disabled
6/5/2019 -- 14:28:06 - <Perf> - Registered 148 keyword profiling counters.
6/5/2019 -- 14:28:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
6/5/2019 -- 14:28:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
6/5/2019 -- 14:28:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
6/5/2019 -- 14:28:07 - <Config> - No rules loaded from ET-emerging-icmp.rules.
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
6/5/2019 -- 14:28:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
6/5/2019 -- 14:28:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
6/5/2019 -- 14:28:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
6/5/2019 -- 14:28:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
6/5/2019 -- 14:28:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
6/5/2019 -- 14:28:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
6/5/2019 -- 14:28:11 - <Config> - No rules loaded from local.rules.
6/5/2019 -- 14:28:11 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
6/5/2019 -- 14:28:11 - <Info> - Threshold config parsed: 0 rule(s) found
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tcp-packet
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tcp-stream
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for udp-packet
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for other-ip
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_uri
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_client_body
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_header
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_header_names
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_accept
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_accept_enc
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_accept_lang
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_referer
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_connection
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_content_len
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_content_type
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_protocol
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_start
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_raw_header
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_method
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_cookie
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_raw_uri
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_user_agent
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_host
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_raw_host
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_stat_msg
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_stat_code
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for dns_query
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tls_sni
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for tls_cert_serial
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for dce_stub_data
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for ssh_protocol
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for ssh_software
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for file_data
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_request_line
6/5/2019 -- 14:28:11 - <Perf> - using shared mpm ctx' for http_response_line
6/5/2019 -- 14:28:11 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
6/5/2019 -- 14:28:11 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
6/5/2019 -- 14:28:11 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
6/5/2019 -- 14:28:11 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
6/5/2019 -- 14:28:11 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
6/5/2019 -- 14:28:11 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
6/5/2019 -- 14:28:11 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
6/5/2019 -- 14:28:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
6/5/2019 -- 14:28:12 - <Perf> - Unique rule groups: 111
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toserver TCP packet": 31
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toclient TCP packet": 20
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toserver TCP stream": 31
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toclient TCP stream": 21
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toserver UDP packet": 33
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "toclient UDP packet": 15
6/5/2019 -- 14:28:12 - <Perf> - Builtin MPM "other IP packet": 2
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_uri": 8
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_header": 6
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_header": 3
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_header_names": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_start": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_method": 3
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver http_host": 2
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver tls_sni": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toserver file_data": 1
6/5/2019 -- 14:28:12 - <Perf> - AppLayer MPM "toclient file_data": 5
6/5/2019 -- 14:28:13 - <Perf> - Registered 18241 rule profiling counters.
6/5/2019 -- 14:28:13 - <Info> - fast output device (regular) initialized: alert
6/5/2019 -- 14:28:13 - <Info> - eve-log output device (regular) initialized: eve.json
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'alert'
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'http'
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'dns'
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'tls'
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'files'
6/5/2019 -- 14:28:13 - <Config> - enabling 'eve-log' module 'ssh'
6/5/2019 -- 14:28:13 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
6/5/2019 -- 14:28:13 - <Info> - stats output device (regular) initialized: stats.log
6/5/2019 -- 14:28:13 - <Config> - AutoFP mode using "Hash" flow load balancer
6/5/2019 -- 14:28:13 - <Info> - reading pcap file /var/pcap/05062019.

This file has been truncated.


packet_stats.log - (15172 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            12         10069245      566524599     189971919          2.3b    0.02
 IPv4       6          8973          4767121     1694697513    1091038757       9789.9b   95.10
 IPv4      17           485          9335285     1694545695    1035669607        502.3b    4.88
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            12            72526         130339         85704          1.0m    0.05
TMM_FLOWWORKER              IPv4       6          8973            60740       13684708        223443          2.0b   90.10
TMM_FLOWWORKER              IPv4      17           485           125475        7994155        245915        119.3m    5.36
TMM_RECEIVEPCAPFILE         IPv4       2            12             2545           6782          3210         38.5k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          8843             2531       19201702          7179         63.5m    2.85
TMM_RECEIVEPCAPFILE         IPv4      17           485             2538          43167          2851          1.4m    0.06
TMM_DECODEPCAPFILE          IPv4       2            12             2664           4419          2973         35.7k    0.00
TMM_DECODEPCAPFILE          IPv4       6          8843             2645        4368361          3795         33.6m    1.51
TMM_DECODEPCAPFILE          IPv4      17           485             2659          33889          3130          1.5m    0.07

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
flow                    IPv4       6          8843             2795        5704613          3936         34.8m  1.79  
flow                    IPv4      17           485             2802          16863          3517          1.7m  0.09  
stream                  IPv4       6          8973             2572        5412456          7303         65.5m  3.37  
app-layer               IPv4      17           485             2519          50145          5311          2.6m  0.13  
detect                  IPv4       2            12            67078         122692         79863        958.4k  0.05  
detect                  IPv4       6          8973            44165       10474612        190903          1.7b  88.20 
detect                  IPv4      17           485           109108        7474973        199969         97.0m  4.99  
tcp-prune               IPv4       6          8973             2538          82384          2970         26.7m  1.37  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
http                    IPv4       6            19             3192          52455         20453        388.6k  32.12 
http                    IPv4      17             4            43482          43482         43482        173.9k  14.37 
smb                     IPv4       6            10             2693           3851          3090         30.9k  2.55  
smb2                    IPv4       6             2             2528           2529          2528          5.1k  0.42  
dcerpc                  IPv4       6            48             2601          15931          3624        174.0k  14.38 
dcerpc                  IPv4      17             1             2601           2601          2601          2.6k  0.21  
dns                     IPv4       6             1             3693           3693          3693          3.7k  0.31  
dns                     IPv4      17            73             3619          10791          5907        431.2k  35.64 
Proto detect            IPv4       6            57             2675          35405          4180        238.3k
Proto detect            IPv4      17            97             2735          10035          5212        505.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
LOGGER_ALERT_FAST           IPv4       6            47            15019          73893         41829          2.0m  7.93  
LOGGER_ALERT_FAST           IPv4      17             2            14698          65282         39990         80.0k  0.32  
LOGGER_UNIFIED2             IPv4       6            47            19095         142271         54032          2.5m  10.24 
LOGGER_UNIFIED2             IPv4      17             2            23720         178390        101055        202.1k  0.81  
LOGGER_JSON_ALERT           IPv4       6            47            33659         159730         73860          3.5m  14.00 
LOGGER_JSON_ALERT           IPv4      17             2            36272          54266         45269         90.5k  0.37  
LOGGER_JSON_DNS             IPv4       6             2            41742          61714         51728        103.5k  0.42  
LOGGER_JSON_DNS             IPv4      17            60            25582        7616249        194272         11.7m  46.99 
LOGGER_JSON_HTTP            IPv4       6            21            37604         207695        117618          2.5m  9.96  
LOGGER_JSON_FILE            IPv4       6            21            62277         232420        105923          2.2m  8.97  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          5843             2525        6901368         17070        99.7m  21.08 
payload                           IPv4      17           485             3236         111450         10921         5.3m  1.12  
stream                            IPv4       6          5843             2516        5947460         21855       127.7m  26.99 
http_uri                          IPv4       6            21             3686          44375         13372       280.8k  0.06  
http_request_line                 IPv4       6            21             3422          20993          7259       152.5k  0.03  
http_client_body                  IPv4       6            30             2695         383462         22549       676.5k  0.14  
http_header (request)             IPv4       6            21             4802         443507         60005         1.3m  0.27  
http_header (request trailer)     IPv4       6            21             2606           4039          2746        57.7k  0.01  
http_header_names (request)       IPv4       6            21             4262          42525         18731       393.4k  0.08  
http_accept (request)             IPv4       6            21             3085           7296          4072        85.5k  0.02  
http_referer (request)            IPv4       6            21             2922           3872          3279        68.9k  0.01  
http_content_len (request)        IPv4       6            21             2873          31229          4906       103.0k  0.02  
http_content_type (request)       IPv4       6            21             2774          12007          4424        92.9k  0.02  
http_start (request)              IPv4       6            21             4004          16767         10225       214.7k  0.05  
http_raw_header (request)         IPv4       6            30             3505          31538          9914       297.4k  0.06  
http_method                       IPv4       6            21             2833          14683          5183       108.9k  0.02  
http_cookie (request)             IPv4       6            21             2673          15890          6603       138.7k  0.03  
http_raw_uri                      IPv4       6            21             2967          17298          4839       101.6k  0.02  
http_user_agent                   IPv4       6            21             2659          42621         19033       399.7k  0.08  
http_host                         IPv4       6            21             3122          11543          5668       119.0k  0.03  
dns_query                         IPv4       6             1             7727           7727          7727         7.7k  0.00  
dns_query                         IPv4      17            30             3253          21265         10401       312.0k  0.07  
http_response_line                IPv4       6            21             4571          16052          8536       179.3k  0.04  
http_header (response)            IPv4       6            21            12610         124803         43611       915.8k  0.19  
http_header (response trailer)    IPv4       6            21             2608         228067         16308       342.5k  0.07  
http_content_type (response)      IPv4       6            21             3167           8859          4914       103.2k  0.02  
http_raw_header (response)        IPv4       6          2892             3457          58291          4306        12.5m  2.63  
http_cookie (response)            IPv4       6            21             2972           4008          3282        68.9k  0.01  
http_stat_code                    IPv4       6            21             2715           4919          3942        82.8k  0.02  
file_data (http response)         IPv4       6          2892             2549        1412244         76524       221.3m  46.78 
Total                             IPv4                 18487                                         25589       473.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
PROF_DETECT_IPONLY          IPv4       2            12            19086          45303         25265        303.2k  0.01  
PROF_DETECT_IPONLY          IPv4       6           252             3201          68223         22180          5.6m  0.25  
PROF_DETECT_IPONLY          IPv4      17           109            18546          65344         23608          2.6m  0.12  
PROF_DETECT_RULES           IPv4       2            12             2536          10927          3385         40.6k  0.00  
PROF_DETECT_RULES           IPv4       6          8973             2520       10316079         57608        516.9m  23.38 
PROF_DETECT_RULES           IPv4      17           485            48473        7359106        107401         52.1m  2.36  
PROF_DETECT_STATEFUL_START    IPv4       6          2679             5094        1102268         24252         65.0m  2.94  
PROF_DETECT_STATEFUL_CONT    IPv4       2            12             2514           3283          2716         32.6k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          8973             2503         414854          8255         74.1m  3.35  
PROF_DETECT_STATEFUL_CONT    IPv4      17           485             2508          55844          3250          1.6m  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          6788             2540         385688          2867         19.5m  0.88  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            60             2595           4924          2860        171.6k  0.01  
PROF_DETECT_PREFILTER       IPv4       2            12             7874          22783          9663        116.0k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          8973             7695        6923987         79673        714.9m  32.34 
PROF_DETECT_PREFILTER       IPv4      17           485            24282         135767         35657         17.3m  0.78  
PROF_DETECT_PF_PAYLOAD      IPv4       6          5843            12824        6912363         47282        276.3m  12.50 
PROF_DETECT_PF_PAYLOAD      IPv4      17           485             8279         116686         16633          8.1m  0.36  
PROF_DETECT_PF_TX           IPv4       6          6788             2560        5848134         42221        286.6m  12.96 
PROF_DETECT_PF_TX           IPv4      17            30             8480          26950         16111        483.4k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6          4112             2518          50200          3450         14.2m  0.64  
PROF_DETECT_PF_SORT1        IPv4      17           485             2724          27572          3404          1.7m  0.07  
PROF_DETECT_PF_SORT2        IPv4       2            12             2515           3347          2678         32.1k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          8973             2508          48464          2839         25.5m  1.15  
PROF_DETECT_PF_SORT2        IPv4      17           485             2545          43786          3001          1.5m  0.07  
PROF_DETECT_NONMPMLIST      IPv4       2            12             2535           3660          2883         34.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          8973             2518         101098          3002         26.9m  1.22  
PROF_DETECT_NONMPMLIST      IPv4      17           485             2518          40608          3126          1.5m  0.07  
PROF_DETECT_ALERT           IPv4       2            12             2532           3297          2659         31.9k  0.00  
PROF_DETECT_ALERT           IPv4       6          8973             2514        7101323          4286         38.5m  1.74  
PROF_DETECT_ALERT           IPv4      17           485             2523          34308          2926          1.4m  0.06  
PROF_DETECT_CLEANUP         IPv4       2            12             2518           2765          2571         30.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          8973             2544          58067          2930         26.3m  1.19  
PROF_DETECT_CLEANUP         IPv4      17           485             2520          41697          3024          1.5m  0.07  
PROF_DETECT_GETSGH          IPv4       2            12             2733           3603          2926         35.1k  0.00  
PROF_DETECT_GETSGH          IPv4       6          8973             2519          48059          3134         28.1m  1.27  
PROF_DETECT_GETSGH          IPv4      17           485             2527          31616          4148          2.0m  0.09  


stats.log - (3767 bytes) - download
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 14:28:15 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 9340
decoder.bytes                              | Total                     | 5948462
decoder.ipv4                               | Total                     | 9340
decoder.ethernet                           | Total                     | 9340
decoder.tcp                                | Total                     | 8843
decoder.udp                                | Total                     | 485
decoder.avg_pkt_size                       | Total                     | 636
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 128
flow.udp                                   | Total                     | 70
tcp.sessions                               | Total                     | 128
tcp.syn                                    | Total                     | 129
tcp.synack                                 | Total                     | 124
tcp.rst                                    | Total                     | 95
tcp.reassembly_gap                         | Total                     | 24
detect.alert                               | Total                     | 57
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 15
app_layer.tx.http                          | Total                     | 21
app_layer.flow.smb                         | Total                     | 8
app_layer.flow.dcerpc_tcp                  | Total                     | 10
app_layer.flow.dns_tcp                     | Total                     | 1
app_layer.tx.dns_tcp                       | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 41
app_layer.flow.dns_udp                     | Total                     | 30
app_layer.tx.dns_udp                       | Total                     | 30
app_layer.flow.failed_udp                  | Total                     | 40
flow_mgr.closed_pruned                     | Total                     | 47
flow_mgr.new_pruned                        | Total                     | 25
flow_mgr.est_pruned                        | Total                     | 37
flow.spare                                 | Total                     | 10057
flow_mgr.flows_checked                     | Total                     | 106
flow_mgr.flows_notimeout                   | Total                     | 19
flow_mgr.flows_timeout                     | Total                     | 87
flow_mgr.flows_timeout_inuse               | Total                     | 30
flow_mgr.flows_removed                     | Total                     | 57
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65430
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7104832
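Before weighing the 57 alerts, it is worth checking how much of the traffic the sensor could actually inspect. app_layer.flow.failed_tcp (41 of 128 TCP flows) and app_layer.flow.failed_udp (40 of 70 UDP flows) are flows where no application-layer parser claimed the traffic, so only packet and stream rules applied to them, and tcp.reassembly_gap (24) counts streams where missing segments left holes in the reassembled data, which usually means capture loss and therefore blind spots for content rules. The script below is an added example, not part of this report or of Suricata's own tooling: it parses the stats.log table into a dict and flags these coverage counters against thresholds. SAMPLE_STATS is a trimmed copy of the listing above; the threshold values are assumptions chosen for illustration.

```python
"""Parse a Suricata stats.log dump and flag counters that limit detection coverage.

Added example, not part of the report above or of Suricata's own tooling.
SAMPLE_STATS is a trimmed copy of the stats.log listing above; the threshold
values in COVERAGE_CHECKS are assumptions chosen for illustration.
"""
import re

SAMPLE_STATS = """\
------------------------------------------------------------------------------------
Date: 5/6/2019 -- 14:28:15 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 9340
flow.tcp                                   | Total                     | 128
flow.udp                                   | Total                     | 70
tcp.sessions                               | Total                     | 128
tcp.reassembly_gap                         | Total                     | 24
detect.alert                               | Total                     | 57
app_layer.flow.http                        | Total                     | 15
app_layer.flow.failed_tcp                  | Total                     | 41
app_layer.flow.dns_udp                     | Total                     | 30
app_layer.flow.failed_udp                  | Total                     | 40
"""

# One table row: "<counter> | <thread/TM name> | <integer value>"; the header
# row ("Counter | TM Name | Value") has a space in the second column and so
# does not match.
ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)$")

# (numerator counter, denominator counter, max acceptable ratio, meaning)
COVERAGE_CHECKS = [
    ("app_layer.flow.failed_tcp", "flow.tcp", 0.25,
     "TCP flows with no recognised application protocol (only packet/stream rules applied)"),
    ("app_layer.flow.failed_udp", "flow.udp", 0.25,
     "UDP flows with no recognised application protocol"),
    ("tcp.reassembly_gap", "flow.tcp", 0.10,
     "TCP streams with missing segments (capture loss, reassembly blind spots)"),
]


def parse_stats(text):
    """Return {counter: value}. stats.log appends a cumulative block per
    interval, so when several blocks are present the last value wins."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            counters[m.group(1)] = int(m.group(3))
    return counters


def coverage_findings(counters, checks=COVERAGE_CHECKS):
    """Return one finding per check whose ratio exceeds its threshold."""
    findings = []
    for num, den, limit, meaning in checks:
        total = counters.get(den, 0)
        if total == 0:
            continue  # nothing of that kind in the capture; ratio undefined
        ratio = counters.get(num, 0) / total
        if ratio > limit:
            findings.append({"counter": num, "ratio": ratio,
                             "limit": limit, "meaning": meaning})
    return findings


if __name__ == "__main__":
    stats = parse_stats(SAMPLE_STATS)
    print(f"packets={stats['decoder.pkts']} alerts={stats['detect.alert']}")
    for f in coverage_findings(stats):
        print(f"{f['counter']}: {f['ratio']:.1%} > {f['limit']:.0%} ({f['meaning']})")
```

Run against the listing above it reports all three checks: roughly a third of TCP flows and over half of UDP flows never reached an app-layer parser, and almost a fifth of TCP flows had reassembly gaps. A high failed_udp share is not itself suspicious (Suricata 4.0 has no parser for protocols such as NetBIOS or LLMNR), but it does mean no dns_* or http_* keyword could have matched on those flows.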


eve.json - (72827 bytes) - download
{"timestamp":"2018-10-01T18:54:16.743122+0000","flow_id":1063205956245202,"pcap_cnt":13,"event_type":"dns","src_ip":"10.1.75.167","src_port":64439,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16935,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.743123+0000","flow_id":1063205956245202,"pcap_cnt":14,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":64439,"proto":"UDP","dns":{"type":"answer","id":16935,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:16.745869+0000","flow_id":187163624366477,"pcap_cnt":15,"event_type":"dns","src_ip":"10.1.75.167","src_port":49641,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11190,"rrname":"pixelshine-dc.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.745869+0000","flow_id":187163624366477,"pcap_cnt":16,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49641,"proto":"UDP","dns":{"type":"answer","id":11190,"rcode":"NOERROR","rrname":"pixelshine-dc.pixelshine.net","rrtype":"A","ttl":3600,"rdata":"10.1.75.4"}}
{"timestamp":"2018-10-01T18:54:16.956644+0000","flow_id":476670189934820,"pcap_cnt":73,"event_type":"dns","src_ip":"10.1.75.167","src_port":63036,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14622,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:16.956840+0000","flow_id":476670189934820,"pcap_cnt":74,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63036,"proto":"UDP","dns":{"type":"answer","id":14622,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.741935+0000","flow_id":1020127434330671,"pcap_cnt":169,"event_type":"dns","src_ip":"10.1.75.167","src_port":56893,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":52982,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.741936+0000","flow_id":2201949962850864,"pcap_cnt":170,"event_type":"dns","src_ip":"10.1.75.167","src_port":60070,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":41098,"rrname":"_ldap._tcp.dc._msdcs.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.742174+0000","flow_id":1020127434330671,"pcap_cnt":171,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":56893,"proto":"UDP","dns":{"type":"answer","id":52982,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.742175+0000","flow_id":2201949962850864,"pcap_cnt":172,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":60070,"proto":"UDP","dns":{"type":"answer","id":41098,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.858858+0000","flow_id":1045865025837802,"pcap_cnt":222,"event_type":"dns","src_ip":"10.1.75.167","src_port":54310,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21485,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.858995+0000","flow_id":1045865025837802,"pcap_cnt":223,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":54310,"proto":"UDP","dns":{"type":"answer","id":21485,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:17.954574+0000","flow_id":837653601292494,"pcap_cnt":250,"event_type":"dns","src_ip":"10.1.75.167","src_port":62702,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60434,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:17.954699+0000","flow_id":837653601292494,"pcap_cnt":251,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":62702,"proto":"UDP","dns":{"type":"answer","id":60434,"rcode":"NOERROR","rrtype":"SRV","ttl":600,"rdata":""}}
{"timestamp":"2018-10-01T18:54:18.094689+0000","flow_id":1323382190272993,"pcap_cnt":285,"event_type":"dns","src_ip":"10.1.75.167","src_port":49392,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64642,"rrname":"_ldap._tcp.Default-First-Site-Name._sites.PixelShine-DC.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:18.094818+0000","flow_id":1323382190272993,"pcap_cnt":286,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49392,"proto":"UDP","dns":{"type":"answer","id":64642,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.Default-First-Site-Name._sites.PixelShine-DC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:18.094818+0000","flow_id":1323382190272993,"pcap_cnt":286,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49392,"proto":"UDP","dns":{"type":"answer","id":64642,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:18.095235+0000","flow_id":1535890729628675,"pcap_cnt":287,"event_type":"dns","src_ip":"10.1.75.167","src_port":50255,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40367,"rrname":"_ldap._tcp.PixelShine-DC.pixelshine.net","rrtype":"SRV","tx_id":0}}
{"timestamp":"2018-10-01T18:54:18.095313+0000","flow_id":1535890729628675,"pcap_cnt":288,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50255,"proto":"UDP","dns":{"type":"answer","id":40367,"rcode":"NXDOMAIN","rrname":"_ldap._tcp.PixelShine-DC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:18.095313+0000","flow_id":1535890729628675,"pcap_cnt":288,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50255,"proto":"UDP","dns":{"type":"answer","id":40367,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:19.671733+0000","flow_id":2146171222704117,"pcap_cnt":433,"event_type":"dns","src_ip":"10.1.75.167","src_port":50034,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44663,"rrname":"wpad.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:19.671927+0000","flow_id":2146171222704117,"pcap_cnt":434,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50034,"proto":"UDP","dns":{"type":"answer","id":44663,"rcode":"NXDOMAIN","rrname":"wpad.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:19.671927+0000","flow_id":2146171222704117,"pcap_cnt":434,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":50034,"proto":"UDP","dns":{"type":"answer","id":44663,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:20.089129+0000","flow_id":842616436186153,"pcap_cnt":439,"event_type":"dns","src_ip":"10.1.75.167","src_port":57197,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":51041,"rrname":"isatap.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.089130+0000","flow_id":842616436186153,"pcap_cnt":440,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57197,"proto":"UDP","dns":{"type":"answer","id":51041,"rcode":"NXDOMAIN","rrname":"isatap.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:20.089130+0000","flow_id":842616436186153,"pcap_cnt":440,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57197,"proto":"UDP","dns":{"type":"answer","id":51041,"rcode":"NXDOMAIN","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:20.099765+0000","flow_id":1451078010570165,"pcap_cnt":441,"event_type":"dns","src_ip":"10.1.75.167","src_port":59409,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":55016,"rrname":"PixelShine-DC.pixelshine.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.099766+0000","flow_id":1451078010570165,"pcap_cnt":442,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":59409,"proto":"UDP","dns":{"type":"answer","id":55016,"rcode":"NOERROR","rrname":"PixelShine-DC.pixelshine.net","rrtype":"A","ttl":3600,"rdata":"10.1.75.4"}}
{"timestamp":"2018-10-01T18:54:20.190148+0000","flow_id":570667696973508,"pcap_cnt":446,"event_type":"dns","src_ip":"10.1.75.167","src_port":49492,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37165,"rrname":"isatap.localdomain","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:20.326375+0000","flow_id":570667696973508,"pcap_cnt":447,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":49492,"proto":"UDP","dns":{"type":"answer","id":37165,"rcode":"NXDOMAIN","rrname":"isatap.localdomain"}}
{"timestamp":"2018-10-01T18:54:22.249954+0000","flow_id":38416022425698,"pcap_cnt":484,"event_type":"dns","src_ip":"10.1.75.167","src_port":63274,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":32684,"rrname":"www.msftncsi.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":38416022425698,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"www.msftncsi.com","rrtype":"CNAME","ttl":1984,"rdata":"www.msftncsi.com.edgesuite.net"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":38416022425698,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"www.msftncsi.com.edgesuite.net","rrtype":"CNAME","ttl":19,"rdata":"a1961.g2.akamai.net"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":38416022425698,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":18,"rdata":"104.86.111.155"}}
{"timestamp":"2018-10-01T18:54:22.412173+0000","flow_id":38416022425698,"pcap_cnt":521,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63274,"proto":"UDP","dns":{"type":"answer","id":32684,"rcode":"NOERROR","rrname":"a1961.g2.akamai.net","rrtype":"A","ttl":18,"rdata":"104.86.110.251"}}
{"timestamp":"2018-10-01T18:54:22.675083+0000","flow_id":697740746969326,"pcap_cnt":528,"event_type":"http","src_ip":"10.1.75.167","src_port":49188,"dest_ip":"104.86.111.155","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2018-10-01T18:54:22.675240+0000","flow_id":697740746969326,"pcap_cnt":530,"event_type":"fileinfo","src_ip":"104.86.111.155","src_port":80,"dest_ip":"10.1.75.167","dest_port":49188,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.656799+0000","flow_id":749426383521183,"pcap_cnt":531,"event_type":"dns","src_ip":"10.1.75.167","src_port":63164,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33873,"rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.657043+0000","flow_id":749426383521183,"pcap_cnt":532,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63164,"proto":"UDP","dns":{"type":"answer","id":33873,"rcode":"NOERROR","rrname":"pixelshine.net","rrtype":"SOA","ttl":3600}}
{"timestamp":"2018-10-01T18:54:24.658428+0000","flow_id":1332457456536572,"pcap_cnt":533,"event_type":"alert","src_ip":"10.1.75.167","src_port":57645,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-10-01T18:54:24.658428+0000","flow_id":1332457456536572,"pcap_cnt":533,"event_type":"dns","src_ip":"10.1.75.167","src_port":57645,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63673,"rrname":"pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1332457456536572,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1332457456536572,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"CNAME","ttl":0,"rdata":"Rigsby-Win-PC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1332457456536572,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"AAAA","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1332457456536572,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"A","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.659550+0000","flow_id":1332457456536572,"pcap_cnt":534,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":57645,"proto":"UDP","dns":{"type":"answer","id":63673,"rcode":"REFUSED","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"A","ttl":1200,"rdata":"10.1.75.167"}}
{"timestamp":"2018-10-01T18:54:24.667386+0000","flow_id":1039463377542409,"pcap_cnt":554,"event_type":"dns","src_ip":"10.1.75.167","src_port":62032,"dest_ip":"10.1.75.4","dest_port":53,"proto":"TCP","dns":{"type":"query","id":33166,"rrname":"1040-ms-7.1-5b96.66e80234-c5ab-11e8-64b6-0001e669535a","rrtype":"TKEY","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.668277+0000","flow_id":1039463377542409,"pcap_cnt":557,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":62032,"proto":"TCP","dns":{"type":"answer","id":33166,"rcode":"NOERROR","rrtype":"TKEY","ttl":0,"rdata":""}}
{"timestamp":"2018-10-01T18:54:24.668530+0000","flow_id":2158063987471218,"pcap_cnt":559,"event_type":"alert","src_ip":"10.1.75.167","src_port":63452,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2009702,"rev":5,"signature":"ET POLICY DNS Update From External net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"dns"}
{"timestamp":"2018-10-01T18:54:24.668530+0000","flow_id":2158063987471218,"pcap_cnt":559,"event_type":"dns","src_ip":"10.1.75.167","src_port":63452,"dest_ip":"10.1.75.4","dest_port":53,"proto":"UDP","dns":{"type":"query","id":849,"rrname":"pixelshine.net","rrtype":"SOA","tx_id":0}}
{"timestamp":"2018-10-01T18:54:24.770324+0000","flow_id":2158063987471218,"pcap_cnt":560,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip":"10.1.75.167","dest_port":63452,"proto":"UDP","dns":{"type":"answer","id":849,"rcode":"NOERROR","rrname":"Rigsby-Win-PC.pixelshine.net","rrtype":"CNAME","ttl":0,"rdata":"Rigsby-Win-PC.pixelshine.net"}}
{"timestamp":"2018-10-01T18:54:24.770324+0000","flow_id":2158063987471218,"pcap_cnt":560,"event_type":"dns","src_ip":"10.1.75.4","src_port":53,"dest_ip"

This file has been truncated.


keyword_perf.log - (16535 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/6/2019 -- 14:28:15
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            139578          47              47              8524            2969.00         2969.00         0.00           
  dsize            10175           3               3               3826            3391.00         3391.00         0.00           
  flow             30798233        8891            8891            4976035         3463.00         3463.00         0.00           
  threshold        263872          51              4               42612           5173.00         6363.00         5072.00        
  content          74811319        11458           5092            210818          6529.00         7284.00         5924.00        
  pcre             1939681         398             156             35917           4873.00         4363.00         5202.00        
  byte_test        12735900        1807            872             7212837         7048.00         11457.00        2936.00        
  byte_jump        2848804         940             184             62922           3030.00         3368.00         2948.00        
  isdataat         78051           27              6               3597            2890.00         3156.00         2814.00        
  flowbits         11267768        3873            182             78113           2909.00         4292.00         2841.00        
  urilen           593215          79              17              308218          7509.00         3129.00         8709.00        
  byte_extract     161537          49              49              4449            3296.00         3296.00         0.00           
  asn1             126106          7               0               49003           18015.00        0.00            18015.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            139578          47              47              8524            2969.00         2969.00         0.00           
  dsize            10175           3               3               3826            3391.00         3391.00         0.00           
  flow             30798233        8891            8891            4976035         3463.00         3463.00         0.00           
  flowbits         11038200        3820            129             78113           2889.00         4276.00         2841.00        
  asn1             126106          7               0               49003           18015.00        0.00            18015.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          32788300        7517            4207            65301           4361.00         4206.00         4559.00        
  pcre             1262716         306             105             31307           4126.00         3461.00         4473.00        
  byte_test        12729348        1806            872             7212837         7048.00         11457.00        2932.00        
  byte_jump        2661916         899             143             33712           2960.00         3027.00         2948.00        
  isdataat         78051           27              6               3597            2890.00         3156.00         2814.00        
  byte_extract     161537          49              49              4449            3296.00         3296.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         229568          53              53              13829           4331.00         4331.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        263872          51              4               42612           5173.00         6363.00         5072.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          309960          85              16              18332           3646.00         4960.00         3341.00        
  pcre             146018          31              11              6332            4710.00         5246.00         4415.00        
  urilen           593215          79              17              308218          7509.00         3129.00         8709.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          90052           11              4               21089           8186.00         4326.00         10392.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          113639          20              0               53630           5681.00         0.00            5681.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38869247        3154            412             210818          12323.00        42401.00        7804.00        
  byte_jump        186888          41              41              62922           4558.00         4558.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1767661         435             321             18126           4063.00         4088.00         3993.00        
  pcre             485774          54              40              35917           8995.00         6487.00         16162.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          95314           26              6               5012            3665.00         3848.00         3611.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3862            1               1               3862            3862.00         3862.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  byte_test        6552            1               0               6552            6552.00         0.00            6552.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          32161           7               0               5675            4594.00         0.00            4594.00        
  pcre             45173           7               0               7161            6453.00         0.00            6453.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          113185          36              15              4366            3144.00         3374.00         2979.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          546360          142             93              6306            3847.00         4126.00         3317.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3422            1               1               3422            3422.00         3422.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          24508           7               0               3935            3501.00         0.00            3501.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------

This file has been truncated.


suricata-4.0.0-etopen-all-alert-2019-05-06-T-14-28-15-05062019.1428-123456.pcap.txt - (11383 bytes)
10/01/2018-18:54:24.658428  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.1.75.167:57645 -> 10.1.75.4:53
10/01/2018-18:54:24.668530  [**] [1:2009702:5] ET POLICY DNS Update From External net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.1.75.167:63452 -> 10.1.75.4:53
10/01/2018-18:55:34.190234  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.107.177.240:80 -> 10.1.75.167:62049
10/01/2018-18:55:34.196300  [**] [1:2019837:3] ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 190.107.177.240:80 -> 10.1.75.167:62049
10/01/2018-18:56:04.357050  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:56:04.357050  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:56:04.357050  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:57:48.573073  [**] [1:2021997:3] ET POLICY External IP Lookup api.ipify.org [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.75.167:62060 -> 54.243.123.39:80
10/01/2018-19:00:42.319389  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:00:42.715968  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:01:07.982124  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62072 -> 192.161.54.60:80
10/01/2018-19:01:07.982128  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:08.383375  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:08.383375  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:10.784194  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.784245  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:10.992560  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.009700  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:16.012335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.022919  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:21.025328  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.051549  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:26.054326  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.088039  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:31.091481  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:34.635891  [**] [1:2100494:12] GPL ATTACK_RESPONSE command completed [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.75.167:62339 -> 200.29.24.36:8082
10/01/2018-19:01:36.119620  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:01:36.122134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.122555  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:36.337415  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.366571  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:41.369202  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.373114  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:46.376181  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.390335  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.396271  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.470057  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:51.495886  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:54.720050  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62340 -> 10.1.75.4:445
10/01/2018-19:01:55.278718  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62072 -> 192.161.54.60:80
10/01/2018-19:01:55.278959  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:01:55.676464  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.167:62072
10/01/2018-19:07:16.589310  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:17.373012  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
10/01/2018-19:07:27.825926  [**] [1:2100494:12] GPL ATTACK_RESPONSE command completed [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.75.4:63614 -> 200.29.24.36:8082
10/01/2018-19:07:50.242736  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.4:63620 -> 192.161.54.60:80
10/01/2018-19:07:50.242915  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:50.643620  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:50.643620  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:57.354868  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.4:63620 -> 192.161.54.60:80
10/01/2018-19:07:57.355018  [**] [1:2014819:3] ET INFO Packed Executable Download [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:07:58.143786  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.161.54.60:80 -> 10.1.75.4:63620
10/01/2018-19:09:44.887134  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62349 -> 10.1.75.4:445
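The alert log above is Suricata's fast.log format. What follows is an added example, not part of this report or of Suricata, that parses that line format and rebuilds, per internal host, the order of stages the alerts describe: macro document, executable download, external IP lookup, loader user-agent, SMB share access. It also lists external servers that delivered an executable to more than one internal host, which is how the download by 10.1.75.4 at 19:07 from the same server that fed 10.1.75.167 stands out. The sample lines are copied from the log above; the stage names and the keyword-to-stage mapping are this example's own choices, not ET rule metadata, and "internal" is approximated as RFC1918 address space.

```python
"""Parse Suricata fast.log alerts and rebuild the per-host stage timeline.

Added example, not part of the report. SAMPLE_ALERTS are lines copied from
the alert log above; the stage names are this example's own labels.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# One fast.log line:
# "<ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ..] [Priority: n] {PROTO} src:port -> dst:port"
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)

# Keyword -> stage mapping chosen for this example. ET rule names are not
# machine-readable stage labels, so this is a heuristic, not rule metadata.
STAGES = (
    ("maldoc",    ("AutoOpen Macro", "Embedded VBA")),
    ("exe_drop",  ("PE EXE or DLL", "MZ Response", "Packed Executable")),
    ("recon",     ("External IP Lookup",)),
    ("loader_c2", ("Suspicious User-Agent",)),
    ("lateral",   ("share access",)),
)

# Copied from the alert log above (a subset, in time order).
SAMPLE_ALERTS = """\
10/01/2018-18:55:34.190234  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 190.107.177.240:80 -> 10.1.75.167:62049
10/01/2018-18:56:04.357050  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 23.229.231.33:80 -> 10.1.75.167:62057
10/01/2018-18:57:48.573073  [**] [1:2021997:3] ET POLICY External IP Lookup api.ipify.org [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.1.75.167:62060 -> 54.243.123.39:80
10/01/2018-19:00:42.715968  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.167:62069
10/01/2018-19:01:07.982124  [**] [1:2008276:15] ET USER_AGENTS Suspicious User-Agent (contains loader) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.1.75.167:62072 -> 192.161.54.60:80
10/01/2018-19:01:10.784194  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.1.75.167:62079 -> 10.1.75.4:445
10/01/2018-19:07:17.373012  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.161.54.60:80 -> 10.1.75.4:63617
""".splitlines()


def parse_line(line):
    """Return a dict for one alert line, or None if it is not a fast.log line."""
    m = FAST_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
        ev[k] = int(ev[k])
    return ev


def stage_of(msg):
    for name, needles in STAGES:
        if any(n in msg for n in needles):
            return name
    return "other"


def internal_host(ev):
    """Pick the monitored-side address. Assumes RFC1918 space is 'inside'; for an
    internal-to-internal alert (SMB to a file server) the initiator is returned."""
    src_in = ipaddress.ip_address(ev["src"]).is_private
    dst_in = ipaddress.ip_address(ev["dst"]).is_private
    if dst_in and not src_in:
        return ev["dst"]
    return ev["src"]


def host_timelines(lines):
    """host -> [(timestamp, stage, sid), ...] in time order; consecutive repeats of a stage collapsed."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    per_host = defaultdict(list)
    for ev in events:
        host, stage = internal_host(ev), stage_of(ev["msg"])
        if per_host[host] and per_host[host][-1][1] == stage:
            continue
        per_host[host].append((ev["ts"], stage, ev["sid"]))
    return dict(per_host)


def exe_servers_hitting_multiple_hosts(lines):
    """External addresses that served an executable to more than one internal host:
    the same dropper reaching a second machine is the spread signal worth escalating."""
    victims = defaultdict(set)
    for ev in filter(None, map(parse_line, lines)):
        if stage_of(ev["msg"]) == "exe_drop":
            victims[ev["src"]].add(ev["dst"])
    return {srv: sorted(v) for srv, v in victims.items() if len(v) > 1}


if __name__ == "__main__":
    for host, steps in host_timelines(SAMPLE_ALERTS).items():
        print(host, " -> ".join(f"{stage}({sid})" for _, stage, sid in steps))
    print("servers feeding more than one host:", exe_servers_hitting_multiple_hosts(SAMPLE_ALERTS))
```

Run against the full log the same way: the IPC$ and C$ share-access alerts are low priority on their own, but their position after the loader user-agent, and the fact that 10.1.75.4 then pulls the same executable from 192.161.54.60, is what turns a single-host infection into a lateral-movement case.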


unified2.alert.1557152893 - (111302 bytes)
[binary unified2 records; the raw bytes rendered as text are unreadable and are omitted here. Readable payload fragments, in file order:]

DNS dynamic-update payload strings: pixelshinenet, Rigsby-Win-PC, 1040-ms-71-5b96$66e80234-c5ab-11e8-64b6-0001e669535a, gss-tsig

Office document VBA project stream (obfuscated macro; the compressed remainder is garbled):
Attribute VB_Name = "IaC€wwiF"
Normal.ThisDocument
Sub AutoOpen()
   If dLukjJ > 15 Then
...

HTTP request:
GET / HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Host: api.ipify.org

HTTP response (executable served with an image/png content type; body starts with an MZ/PE header):
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 01 Oct 2018 19:00:42 GMT
Content-Type: image/png
Content-Length: 392192
Last-Modified: Mon, 01 Oct 2018 15:19:53 GMT
Connection: keep-alive
ETag: "5bb23b19-5fc00"
Accept-Ranges: bytes

MZ ... This program cannot be run in DOS mode.
PE ... sections: .text .data .rdata .bss .idata .CRT .tls .rsrc

This file has been truncated.
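unified2 is a binary format, which is why the listing above is mostly unreadable: it should be decoded with a unified2 reader (Snort's u2spewfoo, or u2json from py-idstools) rather than viewed as text, and Suricata removed the unified2 output altogether in 5.0 in favour of EVE JSON. As an added example, not part of the report and not Suricata's or Snort's own code, here is a minimal reader for the record types that matter here: IDS event records (legacy type 7, and the V2 type 104 that Suricata writes, which differs only by trailing MPLS/VLAN fields) and packet records (type 2). The layouts are Snort's unified2 structures, all fields big-endian. The byte stream it parses is constructed inline with struct.pack and labelled as such: the addresses, SIDs and payload fragments echo the alerts above, but the packet bodies are short payload snippets, not real link-layer frames.

```python
"""Minimal unified2 reader for IDS event and packet records.

Added example, not part of the report. Record layouts are Snort's unified2
structures (big-endian). SAMPLE_STREAM is constructed inline; its packet
bodies are short payload fragments, not real link-layer frames.
"""
import ipaddress
import struct

UNIFIED2_PACKET = 2          # Serial_Unified2Packet
UNIFIED2_IDS_EVENT = 7       # legacy IPv4 event, 52 bytes
UNIFIED2_IDS_EVENT_V2 = 104  # IPv4 event plus mpls_label/vlan_id, 60 bytes (what Suricata writes)

RECORD_HDR = struct.Struct("!II")          # type, length
EVENT_LEGACY = struct.Struct("!11I2H4B")   # 52 bytes
EVENT_V2 = struct.Struct("!11I2H4BIHH")    # 60 bytes
PACKET_HDR = struct.Struct("!7I")          # 28 bytes, followed by packet_length bytes of data

EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)
EVENT_V2_FIELDS = EVENT_FIELDS + ("mpls_label", "vlan_id", "pad2")
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")


def iter_records(blob):
    """Yield (type, body) per record; a short tail raises instead of being skipped silently."""
    off = 0
    while off + RECORD_HDR.size <= len(blob):
        rtype, rlen = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        body = blob[off:off + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated record (type {rtype}) at offset {off - RECORD_HDR.size}")
        off += rlen
        yield rtype, body


def decode(rtype, body):
    """Return (kind, fields). Unknown types are reported, not dropped."""
    if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_V2):
        layout, names = ((EVENT_LEGACY, EVENT_FIELDS) if rtype == UNIFIED2_IDS_EVENT
                         else (EVENT_V2, EVENT_V2_FIELDS))
        ev = dict(zip(names, layout.unpack_from(body)))
        ev["ip_source"] = str(ipaddress.IPv4Address(ev["ip_source"]))
        ev["ip_destination"] = str(ipaddress.IPv4Address(ev["ip_destination"]))
        return "event", ev
    if rtype == UNIFIED2_PACKET:
        pkt = dict(zip(PACKET_FIELDS, PACKET_HDR.unpack_from(body)))
        pkt["data"] = body[PACKET_HDR.size:PACKET_HDR.size + pkt["packet_length"]]
        return "packet", pkt
    return "unknown", {"type": rtype, "length": len(body)}


def events_with_packets(blob):
    """event_id -> {'event': fields, 'packets': [bytes, ...]}; packets attach to the event sharing their event_id."""
    out = {}
    for rtype, body in iter_records(blob):
        kind, rec = decode(rtype, body)
        if kind == "event":
            out[rec["event_id"]] = {"event": rec, "packets": []}
        elif kind == "packet" and rec["event_id"] in out:
            out[rec["event_id"]]["packets"].append(rec["data"])
    return out


def is_truncated(blob):
    """True if the stream ends inside a record (a sensor crash or a copy cut short)."""
    try:
        for _ in iter_records(blob):
            pass
    except ValueError:
        return True
    return False


# --- constructed sample stream (hypothetical values echoing the alerts above) ---
T0 = 1538420164  # 2018-10-01 18:56:04 UTC


def _event(rtype, event_id, sid, rev, src, dst, sport, dport):
    base = (0, event_id, T0, 357050, sid, 1, rev, 0, 1,
            int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst)),
            sport, dport, 6, 0, 0, 0)
    body = EVENT_LEGACY.pack(*base) if rtype == UNIFIED2_IDS_EVENT else EVENT_V2.pack(*base, 0, 0, 0)
    return RECORD_HDR.pack(rtype, len(body)) + body


def _packet(event_id, payload):
    body = PACKET_HDR.pack(0, event_id, T0, T0, 357050, 1, len(payload)) + payload
    return RECORD_HDR.pack(UNIFIED2_PACKET, len(body)) + body


SAMPLE_STREAM = (
    _event(UNIFIED2_IDS_EVENT_V2, 1, 2018959, 3, "23.229.231.33", "10.1.75.167", 80, 62057)
    + _packet(1, b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\nMZ\x90\x00")
    + _event(UNIFIED2_IDS_EVENT, 2, 2021997, 3, "10.1.75.167", "54.243.123.39", 62060, 80)
    + _packet(2, b"GET / HTTP/1.1\r\nHost: api.ipify.org\r\n\r\n")
)

if __name__ == "__main__":
    for eid, rec in events_with_packets(SAMPLE_STREAM).items():
        ev = rec["event"]
        print(eid, ev["signature_id"], ev["ip_source"], "->", ev["ip_destination"], rec["packets"][0][:20])
```

The packet record is the part worth keeping from this file: it is the evidence behind SID 2021076 (an MZ body under an image/png content type), and an event record without its packet is only a claim.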


suricata-4.0.0-etopen-all-perf.txt-2019-05-06-T-14-28-15-05062019.1428-123456.pcap.txt - (84053 bytes)
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 14:28:15. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001330      1        8        20172800     4.82   3479     0        10309151    5798.45     0.00        5798.45    
  2        2009702      1        5        7995357      1.91   70       2        7235339     114219.39   31499.00    116652.34  
  3        2020020      1        1        7376700      1.76   226      0        6740908     32640.27    0.00        32640.27   
  4        2017552      1        6        27574816     6.59   1624     0        4991470     16979.57    0.00        16979.57   
  5        2016537      1        2        26249700     6.27   1607     4        2673894     16334.60    62875.25    16218.46   
  6        2014519      1        7        2291253      0.55   194      0        416762      11810.58    0.00        11810.58   
  7        2024771      1        1        16840179     4.02   2748     0        406030      6128.16     0.00        6128.16    
  8        2008117      1        3        900676       0.22   171      0        384360      5267.11     0.00        5267.11    
  9        2018983      1        7        492318       0.12   7        0        333216      70331.14    0.00        70331.14   
  10       2016855      1        2        1277667      0.31   6        0        240359      212944.50   0.00        212944.50  
  11       2020865      1        3        33693996     8.05   267      0        230316      126194.74   0.00        126194.74  
  12       2016854      1        3        1102893      0.26   6        0        210876      183815.50   0.00        183815.50  
  13       2019613      1        3        222820       0.05   7        1        205727      31831.43    205727.00   2848.83    
  14       2012520      1        7        162710       0.04   1        1        162710      162710.00   162710.00   0.00       
  15       2008438      1        20       1127769      0.27   21       0        160079      53703.29    0.00        53703.29   
  16       2024769      1        2        732474       0.17   7        0        157806      104639.14   0.00        104639.14  
  17       2103042      1        5        839992       0.20   255      0        139978      3294.09     0.00        3294.09    
  18       2018496      1        9        310535       0.07   7        0        139490      44362.14    0.00        44362.14   
  19       2014819      1        3        506683       0.12   6        6        130728      84447.17    84447.17    0.00       
  20       2019837      1        3        177956       0.04   11       1        120715      16177.82    120715.00   5724.10    
  21       2022050      1        3        1178990      0.28   21       0        119211      56142.38    0.00        56142.38   
  22       2019881      1        3        336493       0.08   7        0        114948      48070.43    0.00        48070.43   
  23       2102468      1        9        1501977      0.36   48       0        113126      31291.19    0.00        31291.19   
  24       2014353      1        6        553199       0.13   56       0        110856      9878.55     0.00        9878.55    
  25       2102383      1        21       507690       0.12   12       0        108224      42307.50    0.00        42307.50   
  26       2018982      1        2        1261062      0.30   21       0        104507      60050.57    0.00        60050.57   
  27       2018358      1        7        598348       0.14   7        0        104350      85478.29    0.00        85478.29   
  28       2102483      1        9        129632       0.03   2        0        101731      64816.00    0.00        64816.00   
  29       2102954      1        4        1402718      0.34   44       0        92855       31879.95    0.00        31879.95   
  30       2102465      1        9        1657569      0.40   44       23       92179       37672.02    50133.57    24023.67   
  31       2020569      1        1        1212680      0.29   21       0        89601       57746.67    0.00        57746.67   
  32       2018064      1        2        313800       0.07   12       0        89497       26150.00    0.00        26150.00   
  33       2019345      1        2        4062285      0.97   283      0        88726       14354.36    0.00        14354.36   
  34       2014520      1        6        559376       0.13   87       1        86893       6429.61     11937.00    6365.57    
  35       2022339      1        2        389454       0.09   7        0        84781       55636.29    0.00        55636.29   
  36       2018068      1        2        327422       0.08   7        0        83411       46774.57    0.00        46774.57   
  37       2103030      1        5        3295743      0.79   124      0        82806       26578.57    0.00        26578.57   
  38       2018067      1        3        497802       0.12   57       0        81436       8733.37     0.00        8733.37    
  39       2102482      1        10       105950       0.03   2        0        81229       52975.00    0.00        52975.00   
  40       2103022      1        4        3982037      0.95   124      0        79315       32113.20    0.00        32113.20   
  41       2012707      1        5        518423       0.12   20       0        73602       25921.15    0.00        25921.15   
  42       2020421      1        2        890652       0.21   56       0        72986       15904.50    0.00        15904.50   
  43       2023626      1        3        1323155      0.32   451      0        72398       2933.82     0.00        2933.82    
  44       2019344      1        5        428163       0.10   7        1        71514       61166.14    56557.00    61934.33   
  45       2018065      1        2        642365       0.15   14       0        71123       45883.21    0.00        45883.21   
  46       2008575      1        5        9123962      2.18   1218     0        71101       7490.94     0.00        7490.94    
  47       2102257      1        10       306020       0.07   75       0        71035       4080.27     0.00        4080.27    
  48       2103038      1        5        3184156      0.76   124      0        70489       25678.68    0.00        25678.68   
  49       2024829      1        2        7178879      1.71   356      0        70294       20165.39    0.00        20165.39   
  50       2018241      1        2        536507       0.13   56       0        70143       9580.48     0.00        9580.48    
  51       2024650      1        1        6407788      1.53   458      0        68231       13990.80    0.00        13990.80   
  52       2018789      1        3        120293       0.03   15       0        68135       8019.53     0.00        8019.53    
  53       2018959      1        3        638883       0.15   56       5        68030       11408.62    57374.40    6902.18    
  54       2022220      1        2        278644       0.07   7        0        67573       39806.29    0.00        39806.29   
  55       2022503      1        2        287386       0.07   7        0        67522       41055.14    0.00        41055.14   
  56       2103056      1        5        2909365      0.69   255      0        67475       11409.27    0.00        11409.27   
  57       2020800      1        2        304143       0.07   10       0        67198       30414.30    0.00        30414.30   
  58       2018066      1        2        291369       0.07   7        0        66739       41624.14    0.00        41624.14   
  59       2103050      1        5        764707       0.18   255      0        66720       2998.85     0.00        2998.85    
  60       2014473      1        5        3670778      0.88   258      0        66667       14227.82    0.00        14227.82   
  61       2023711      1        2        722545       0.17   56       0        66566       12902.59    0.00        12902.59   
  62       2018063      1        3        131819       0.03   2        0        66008       65909.50    0.00        65909.50   
  63       2020774      1        2        222905       0.05   7        0        65932       31843.57    0.00        31843.57   
  64       2018032      1        2        65894        0.02   1        0        65894       65894.00    0.00        65894.00   
  65       2020765      1        2        223583       0.05   7        0        65880       31940.43    0.00        31940.43   
  66       2018057      1        4        164444       0.04   5        0        65564       32888.80    0.00        32888.80   
  67       2020771      1        2        139635       0.03   4        0        64910       34908.75    0.00        34908.75   
  68       2023670      1        3        276611       0.07   7        1        64046       39515.86    38035.00    39762.67   
  69       2020777      1        2        255217       0.06   8        0        63992       31902.12    0.00        31902.12   
  70       2018059      1        2        384665       0.09   28       0        63266       13738.04    0.00        13738.04   
  71       2021068      1        2        173141       0.04   3        0        63142       57713.67    0.00        57713.67   
  72       2019235      1        1        484025       0.12   156      0        62989       3102.72     0.00        3102.72    
  73       2014958      1        1        2713899      0.65   244      0        62520       11122.54    0.00        11122.54   
  74       2024909      1        2        7410969      1.77   376      0        62425       19710.02    0.00        19710.02   
  75       2014701      1        12       790318       0.19   70       0        62083       11290.26    0.00        11290.26   
  76       2023611      1        3        348162       0.08   10       0        61917       34816.20    0.00        34816.20   
  77       2025064      1        5        359968       0.09   9        0        61884       39996.44    0.00        39996.44   
  78       2103040      1        5        2553860      0.61   124      0        61480       20595.65    0.00        20595.65   
  79       2018316      1        4        395822       0.09   15       0        61428       26388.13    0.00        26388.13   
  80       2020614      1        2        158467       0.04   5        0        61322       31693.40    0.00        31693.40   
  81       2018558      1        5        1697505      0.41   558      0        61079       3042.12     0.00        3042.12    
  82       2103123      1        4        87984        0.02   2        0        61049       43992.00    0.00        43992.00   
  83       2103048      1        5        2950617      0.70   255      0        60968       11571.05    0.00        11571.05   
  84       2019901      1        1        109898       0.03   20       0        60399       5494.90     0.00        5494.90    
  85       2014703      1        9        609781       0.15   70       0        60182       8711.16     0.00        8711.16    
  86       2020610      1        3        214998       0.05   7        0        60037       30714.00    0.00        30714.00   
  87       2024778      1        1        1227816      0.29   404      0        59987       3039.15     0.00        3039.15    
  88       2008276      1        15       195269       0.05   4        4        59896       48817.25    48817.25    0.00       
  89       2103054      1        5        3537809      0.85   255      0        59722       13873.76    0.00        13873.76   
  90       2019165      1        3        878025       0.21   56       0        58955       15679.02    0.00        15679.02   
  91       2102997      1        6        81569        0.02   2        0        58314       40784.50    0.00        40784.50   
  92       2019103      1        4        833782       0.20   56       0        56779       14888.96    0.00        14888.96   
  93       2018061      1        2        280532       0.07   10       0        56551       28053.20    0.00        28053.20   
  94       2102471      1        12       1562136      0.37   48       2        55861       32544.50    51201.00    31733.35   
  95       2017748      1        6        3659949      0.87   258      0        54899       14185.85    0.00        14185.85   
  96       2018069      1        1        130414       0.03   4        0        54686       32603.50    0.00        32603.50   
  97       2013036      1        7        198362       0.05   6        0        54676       33060.33    0.00        33060.33   
  98       2022147      1        2        211827       0.05   6        0        54343       35304.50    0.00        35304.50   
  99       2016948      1        2        3546254      0.85   254      0        54332       13961.63    0.00        13961.63   
  100      2014957      1        1        1137966      0.27   96       0        54304       11853.81    0.00        11853.81   
  101      2025142      1        2        54230        0.01   1        0        54230       54230.00    0.00        54230.00   
  102      2018060      1        2        103081       0.02   2        0        54174       51540.50    0.00        51540.50   
  103      2020797      1        2        142902       0.03   4        0        54080       35725.50    0.00        35725.50   
  104      2013441      1        9        397443       0.09   21       0        53830       18925.86    0.00        18925.86   
  105      2020772      1        2        172635       0.04   6        0        53560       28772.50    0.00        28772.50   
  106      2020742      1        1        390228       0.09   15       0        53541       26015.20    0.00        26015.20   
  107      2018166      1        3        264406       0.06   9        0        53424       29378.44    0.00        29378.44   
  108      2103020      1        5        378013       0.09   124      0        53291       3048.49     0.00        3048.49    
  109      2020747      1        8        53157        0.01   1        0        53157       53157.00    0.00        53157.00   
  110      2018287      1        2        1017874      0.24   44       0        52796       23133.50    0.00        23133.50   
  111      2021067      1        2        264077       0.06   6        6        52750       44012.83    44012.83    0.00       
  112      2018062      1        2        154734       0.04   3        0        52710       51578.00    0.00        51578.00   
  113      2015986      1        5        1947390      0.47   683      0        52373       2851.23     0.00        2851.23    
  114      2016143      1        3        3882102      0.93   270      0        52168       14378.16    0.00        14378.16   
  115      2018464      1        4        903211       0.22   56       0        52096       16128.77    0.00        16128.77   
  116      2013352      1        4        487606       0.12   56       0        52051       8707.25     0.00        8707.25    
  117      2017935      1        3        3216700      0.77   1097     0        52009       2932.27     0.00        2932.27    
  118      2103003      1        7        274141       0.07   12       0        51639       22845.08    0.00        22845.08   
  119      2103044      1        6        787955       0.19   255      0        51048       3090.02     0.00        3090.02    
  120      2018958      1        18       308418       0.07   7        0        50717       44059.71    0.00        44059.71   
  121      2009897      1        14       452236       0.11   21       0        50654       21535.05    0.00        21535.05   
  122      2022053      1        2        857299       0.20   56       0        50580       15308.91    0.00        15308.91   
  123      2014471      1        6        239652       0.06   6        0        50451       39942.00    0.00        39942.00   
  124      2018260      1        4        321546       0.08   8        0        50440       40193.25    0.00        40193.25   
  125      2009909      1        10       40

This file has been truncated.

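The table above is Suricata's rule-profiling output (the format written to rule_perf.log when `profiling.rules` is enabled), and the report sorts it by max ticks. That ordering surfaces rules with one expensive evaluation, but it hides aggregate cost: sid 2020865 carries 8.05% of all rule-evaluation ticks, the largest share visible in the table, yet sits at position 11 because its single worst check was cheap. The parser below is an added example, not part of the report or of Suricata or IDSDeathBlossom. It reads the table format, re-ranks by total ticks, lists rules that were checked but never matched on this capture, and recovers the engine-wide tick total from the ticks/% ratio as a consistency check. The sample rows are copied from the table above (a subset, including the truncated final row, which the parser rejects instead of crashing on); the column names and the assumption that a complete row has exactly 12 whitespace-separated fields are mine.

```python
"""Re-rank a Suricata rule-profiling table by cost.

Added example; not code from the report, Suricata or IDSDeathBlossom.
"""
from dataclasses import dataclass
from statistics import median
from typing import List, Tuple


@dataclass(frozen=True)
class RuleProfile:
    num: int           # position in the report's own sort order
    sid: int           # signature id ("Rule" column)
    gid: int
    rev: int
    ticks: int         # total CPU ticks spent evaluating this rule
    pct: float         # share of all rule-evaluation ticks, in percent
    checks: int        # how often the rule was evaluated
    matches: int       # how often it matched
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_no_match: float


# Rows copied from the profiling table above (a subset, in the report's
# "max ticks" order) plus its truncated last line, so the rejection path runs.
SAMPLE_REPORT = """\
  --------------------------------------------------------------------------
  Date: 5/6/2019 -- 14:28:15. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2001330      1        8        20172800     4.82   3479     0        10309151    5798.45     0.00        5798.45
  2        2009702      1        5        7995357      1.91   70       2        7235339     114219.39   31499.00    116652.34
  4        2017552      1        6        27574816     6.59   1624     0        4991470     16979.57    0.00        16979.57
  5        2016537      1        2        26249700     6.27   1607     4        2673894     16334.60    62875.25    16218.46
  11       2020865      1        3        33693996     8.05   267      0        230316      126194.74   0.00        126194.74
  14       2012520      1        7        162710       0.04   1        1        162710      162710.00   162710.00   0.00
  125      2009909      1        10       40
"""

FIELD_COUNT = 12  # assumption: a complete data row has exactly these columns


def parse_rule_perf(text: str) -> Tuple[List[RuleProfile], List[str]]:
    """Return (rows, rejected). Header, date and separator lines are skipped;
    a line that starts like a data row but lacks columns (e.g. the last line of
    a truncated report) goes to `rejected` rather than raising."""
    rows: List[RuleProfile] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or not fields[0].isdigit():
            continue
        if len(fields) != FIELD_COUNT:
            rejected.append(raw.strip())
            continue
        rows.append(RuleProfile(
            num=int(fields[0]), sid=int(fields[1]), gid=int(fields[2]),
            rev=int(fields[3]), ticks=int(fields[4]), pct=float(fields[5]),
            checks=int(fields[6]), matches=int(fields[7]),
            max_ticks=int(fields[8]), avg_ticks=float(fields[9]),
            avg_match=float(fields[10]), avg_no_match=float(fields[11]),
        ))
    return rows, rejected


def rank_by_total_ticks(rows: List[RuleProfile]) -> List[RuleProfile]:
    """Aggregate cost: many moderate checks outweigh one expensive spike."""
    return sorted(rows, key=lambda r: r.ticks, reverse=True)


def zero_match_candidates(rows: List[RuleProfile]) -> List[RuleProfile]:
    """Rules evaluated but never matched on this capture, most expensive first.
    Review candidates only: one pcap says nothing about other traffic."""
    return sorted((r for r in rows if r.matches == 0 and r.checks > 0),
                  key=lambda r: r.ticks, reverse=True)


def implied_total_ticks(rows: List[RuleProfile]) -> float:
    """Engine-wide tick total recovered from ticks / pct; the median damps the
    rounding error on rows whose share is printed as e.g. 0.04%."""
    return median(r.ticks * 100.0 / r.pct for r in rows if r.pct > 0)


if __name__ == "__main__":
    rows, rejected = parse_rule_perf(SAMPLE_REPORT)
    print(f"parsed {len(rows)} rows, rejected {len(rejected)} incomplete line(s)")
    print(f"implied total rule ticks: {implied_total_ticks(rows):,.0f}")
    for r in rank_by_total_ticks(rows)[:3]:
        print(f"sid {r.sid}: {r.ticks} ticks ({r.pct}%), "
              f"{r.checks} checks, {r.matches} matches")
    print("zero-match rules:", [r.sid for r in zero_match_candidates(rows)])
```

Run it against a full rule_perf.log rather than the embedded subset to get the real ranking; on this pcap the ticks/% ratios of the sample rows agree on a total of roughly 418 million rule-evaluation ticks, which is the kind of cross-check worth running before trusting any single column.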

IDSDeathBlossom.py.log - (1149 bytes)
2019-05-06 14:28:05,410 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-06 14:28:06,172 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-06 14:28:06,172 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-05-06 14:28:06,172 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-06 14:28:06,172 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-06 14:28:06,173 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/bf33640071f0ba7015a2ccc660c6c262d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05062019.1428-123456.pcap -vvv -k none
2019-05-06 14:28:15,143 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-06 14:28:15,143 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.74975895882