Filename: packet_8F4311E8B13C005056A839A9F3928D8E.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 37.5431890488 seconds
Hash: c253961befb30b69806993b3eca40382
Uploaded: 1532460829

Logfiles


packet_stats.log (4693 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             1          4764138        4764138       4764138          4.8m  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             1          4631118        4631118       4631118          4.6m   98.86
TMM_RECEIVEPCAPFILE         IPv4       6             1            13905          13905         13905         13.9k    0.30
TMM_DECODEPCAPFILE          IPv4       6             1            39387          39387         39387         39.4k    0.84

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             1            96603          96603         96603         96.6k  2.10  
stream                  IPv4       6             1            21408          21408         21408         21.4k  0.47  
detect                  IPv4       6             1          4473306        4473306       4473306          4.5m  97.24 
tcp-prune               IPv4       6             1             9117           9117          9117          9.1k  0.20  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             1           654225         654225        654225       654.2k  36.66 
stream                            IPv4       6             1          1130211        1130211       1130211         1.1m  63.34 
Total                             IPv4                     2                                        892218         1.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             1           166869         166869        166869        166.9k  2.67  
PROF_DETECT_RULES           IPv4       6             1          2214285        2214285       2214285          2.2m  35.44 
PROF_DETECT_STATEFUL_CONT    IPv4       6             1             2835           2835          2835          2.8k  0.05  
PROF_DETECT_PREFILTER       IPv4       6             1          1847898        1847898       1847898          1.8m  29.58 
PROF_DETECT_PF_PAYLOAD      IPv4       6             1          1793016        1793016       1793016          1.8m  28.70 
PROF_DETECT_PF_SORT1        IPv4       6             1            27774          27774         27774         27.8k  0.44  
PROF_DETECT_PF_SORT2        IPv4       6             1            11232          11232         11232         11.2k  0.18  
PROF_DETECT_NONMPMLIST      IPv4       6             1            10149          10149         10149         10.1k  0.16  
PROF_DETECT_ALERT           IPv4       6             1            18852          18852         18852         18.9k  0.30  
PROF_DETECT_CLEANUP         IPv4       6             1             7542           7542          7542          7.5k  0.12  
PROF_DETECT_GETSGH          IPv4       6             1           147081         147081        147081        147.1k  2.35  


suricata-4.0.0-etpro-all-perf.txt-2018-07-24-T-19-34-27-07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap.txt (18390 bytes)
  --------------------------------------------------------------------------
  Date: 7/24/2018 -- 19:34:27. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2814642      1        2        70950        4.88   1        0        70950       70950.00    0.00        70950.00   
  2        2810288      1        2        46806        3.22   1        0        46806       46806.00    0.00        46806.00   
  3        2814856      1        1        35901        2.47   1        0        35901       35901.00    0.00        35901.00   
  4        2824704      1        1        35505        2.44   1        0        35505       35505.00    0.00        35505.00   
  5        2820984      1        1        34416        2.37   1        0        34416       34416.00    0.00        34416.00   
  6        2814638      1        1        32364        2.23   1        0        32364       32364.00    0.00        32364.00   
  7        2017716      1        3        30624        2.11   1        0        30624       30624.00    0.00        30624.00   
  8        2803311      1        3        30078        2.07   1        0        30078       30078.00    0.00        30078.00   
  9        2822632      1        1        29040        2.00   1        0        29040       29040.00    0.00        29040.00   
  10       2824829      1        1        29037        2.00   1        0        29037       29037.00    0.00        29037.00   
  11       2824836      1        1        28968        1.99   1        0        28968       28968.00    0.00        28968.00   
  12       2804434      1        3        28911        1.99   1        0        28911       28911.00    0.00        28911.00   
  13       2824835      1        1        27921        1.92   1        0        27921       27921.00    0.00        27921.00   
  14       2824830      1        1        26217        1.80   1        0        26217       26217.00    0.00        26217.00   
  15       2814861      1        1        25932        1.78   1        0        25932       25932.00    0.00        25932.00   
  16       2824833      1        1        24915        1.71   1        0        24915       24915.00    0.00        24915.00   
  17       2824834      1        1        24261        1.67   1        0        24261       24261.00    0.00        24261.00   
  18       2824717      1        1        20397        1.40   1        0        20397       20397.00    0.00        20397.00   
  19       2824832      1        1        19713        1.36   1        0        19713       19713.00    0.00        19713.00   
  20       2815694      1        1        17355        1.19   1        0        17355       17355.00    0.00        17355.00   
  21       2814860      1        2        17115        1.18   1        0        17115       17115.00    0.00        17115.00   
  22       2814640      1        1        15627        1.07   1        0        15627       15627.00    0.00        15627.00   
  23       2815062      1        1        14364        0.99   1        0        14364       14364.00    0.00        14364.00   
  24       2815931      1        1        13998        0.96   1        0        13998       13998.00    0.00        13998.00   
  25       2814925      1        1        13545        0.93   1        0        13545       13545.00    0.00        13545.00   
  26       2815120      1        1        13251        0.91   1        0        13251       13251.00    0.00        13251.00   
  27       2819699      1        1        13032        0.90   1        0        13032       13032.00    0.00        13032.00   
  28       2815017      1        1        12987        0.89   1        0        12987       12987.00    0.00        12987.00   
  29       2823231      1        1        12924        0.89   1        0        12924       12924.00    0.00        12924.00   
  30       2815552      1        1        12918        0.89   1        0        12918       12918.00    0.00        12918.00   
  31       2824198      1        1        12915        0.89   1        0        12915       12915.00    0.00        12915.00   
  32       2815510      1        1        12705        0.87   1        0        12705       12705.00    0.00        12705.00   
  33       2815515      1        1        12705        0.87   1        0        12705       12705.00    0.00        12705.00   
  34       2815118      1        1        12639        0.87   1        0        12639       12639.00    0.00        12639.00   
  35       2814639      1        1        12492        0.86   1        0        12492       12492.00    0.00        12492.00   
  36       2815932      1        1        12429        0.85   1        0        12429       12429.00    0.00        12429.00   
  37       2819802      1        1        12345        0.85   1        0        12345       12345.00    0.00        12345.00   
  38       2821179      1        1        12180        0.84   1        0        12180       12180.00    0.00        12180.00   
  39       2815929      1        1        11928        0.82   1        0        11928       11928.00    0.00        11928.00   
  40       2815930      1        1        11895        0.82   1        0        11895       11895.00    0.00        11895.00   
  41       2820670      1        1        11859        0.82   1        0        11859       11859.00    0.00        11859.00   
  42       2815883      1        1        11838        0.81   1        0        11838       11838.00    0.00        11838.00   
  43       2017323      1        4        11754        0.81   1        0        11754       11754.00    0.00        11754.00   
  44       2815928      1        1        11439        0.79   1        0        11439       11439.00    0.00        11439.00   
  45       2816500      1        1        11436        0.79   1        0        11436       11436.00    0.00        11436.00   
  46       2815125      1        1        11427        0.79   1        0        11427       11427.00    0.00        11427.00   
  47       2815251      1        1        11379        0.78   1        0        11379       11379.00    0.00        11379.00   
  48       2816499      1        1        11235        0.77   1        0        11235       11235.00    0.00        11235.00   
  49       2824484      1        1        11178        0.77   1        0        11178       11178.00    0.00        11178.00   
  50       2816533      1        1        11133        0.77   1        0        11133       11133.00    0.00        11133.00   
  51       2823784      1        2        10983        0.76   1        0        10983       10983.00    0.00        10983.00   
  52       2816766      1        2        10908        0.75   1        0        10908       10908.00    0.00        10908.00   
  53       2815584      1        2        10698        0.74   1        0        10698       10698.00    0.00        10698.00   
  54       2816656      1        1        10662        0.73   1        0        10662       10662.00    0.00        10662.00   
  55       2815280      1        1        10587        0.73   1        0        10587       10587.00    0.00        10587.00   
  56       2816425      1        1        10518        0.72   1        0        10518       10518.00    0.00        10518.00   
  57       2816466      1        1        10515        0.72   1        0        10515       10515.00    0.00        10515.00   
  58       2816565      1        1        10455        0.72   1        0        10455       10455.00    0.00        10455.00   
  59       2816422      1        1        10407        0.72   1        0        10407       10407.00    0.00        10407.00   
  60       2008124      1        5        10341        0.71   1        0        10341       10341.00    0.00        10341.00   
  61       2017319      1        6        10287        0.71   1        0        10287       10287.00    0.00        10287.00   
  62       2019326      1        6        10269        0.71   1        0        10269       10269.00    0.00        10269.00   
  63       2822692      1        1        9942         0.68   1        0        9942        9942.00     0.00        9942.00    
  64       2816702      1        1        9933         0.68   1        0        9933        9933.00     0.00        9933.00    
  65       2816424      1        1        9699         0.67   1        0        9699        9699.00     0.00        9699.00    
  66       2017321      1        8        9612         0.66   1        0        9612        9612.00     0.00        9612.00    
  67       2019327      1        6        9597         0.66   1        0        9597        9597.00     0.00        9597.00    
  68       2017322      1        4        9576         0.66   1        0        9576        9576.00     0.00        9576.00    
  69       2816423      1        1        9465         0.65   1        0        9465        9465.00     0.00        9465.00    
  70       2806857      1        2        5376         0.37   1        0        5376        5376.00     0.00        5376.00    
  71       2008420      1        4        5235         0.36   1        0        5235        5235.00     0.00        5235.00    
  72       2806776      1        4        5154         0.35   1        0        5154        5154.00     0.00        5154.00    
  73       2821358      1        3        4917         0.34   1        0        4917        4917.00     0.00        4917.00    
  74       2815239      1        2        4839         0.33   1        0        4839        4839.00     0.00        4839.00    
  75       2809132      1        1        4581         0.32   1        0        4581        4581.00     0.00        4581.00    
  76       2823947      1        3        4497         0.31   1        0        4497        4497.00     0.00        4497.00    
  77       2823895      1        3        4479         0.31   1        0        4479        4479.00     0.00        4479.00    
  78       2018115      1        1        4413         0.30   1        0        4413        4413.00     0.00        4413.00    
  79       2826486      1        1        4293         0.30   1        0        4293        4293.00     0.00        4293.00    
  80       2823979      1        3        4275         0.29   1        0        4275        4275.00     0.00        4275.00    
  81       2828639      1        2        4215         0.29   1        0        4215        4215.00     0.00        4215.00    
  82       2009984      1        2        3990         0.27   1        0        3990        3990.00     0.00        3990.00    
  83       2821528      1        2        3987         0.27   1        0        3987        3987.00     0.00        3987.00    
  84       2025019      1        1        3957         0.27   1        0        3957        3957.00     0.00        3957.00    
  85       2000345      1        16       3942         0.27   1        0        3942        3942.00     0.00        3942.00    
  86       2000333      1        11       3939         0.27   1        0        3939        3939.00     0.00        3939.00    
  87       2816380      1        1        3894         0.27   1        0        3894        3894.00     0.00        3894.00    
  88       2102110      1        4        3873         0.27   1        0        3873        3873.00     0.00        3873.00    
  89       2100327      1        10       3849         0.26   1        0        3849        3849.00     0.00        3849.00    
  90       2826593      1        8        3849         0.26   1        0        3849        3849.00     0.00        3849.00    
  91       2810805      1        5        3744         0.26   1        0        3744        3744.00     0.00        3744.00    
  92       2825033      1        2        3717         0.26   1        0        3717        3717.00     0.00        3717.00    
  93       2816441      1        2        3642         0.25   1        0        3642        3642.00     0.00        3642.00    
  94       2810793      1        5        3633         0.25   1        0        3633        3633.00     0.00        3633.00    
  95       2101634      1        15       3600         0.25   1        0        3600        3600.00     0.00        3600.00    
  96       2825562      1        5        3597         0.25   1        0        3597        3597.00     0.00        3597.00    
  97       2828876      1        1        3594         0.25   1        0        3594        3594.00     0.00        3594.00    
  98       2101379      1        13       3576         0.25   1        0        3576        3576.00     0.00        3576.00    
  99       2820027      1        2        3573         0.25   1        0        3573        3573.00     0.00        3573.00    
  100      2824074      1        1        3570         0.25   1        0        3570        3570.00     0.00        3570.00    
  101      2815867      1        3        3555         0.24   1        0        3555        3555.00     0.00        3555.00    
  102      2823197      1        2        3555         0.24   1        0        3555        3555.00     0.00        3555.00    
  103      2824809      1        2        3549         0.24   1        0        3549        3549.00     0.00        3549.00    
  104      2815128      1        2        3537         0.24   1        0        3537        3537.00     0.00        3537.00    
  105      2824186      1        2        3528         0.24   1        0        3528        3528.00     0.00        3528.00    
  106      2820793      1        2        3525         0.24   1        0        3525        3525.00     0.00        3525.00    
  107      2017935      1        3        3522         0.24   1        0        3522        3522.00     0.00        3522.00    
  108      2815282      1        2        3522         0.24   1        0        3522        3522.00     0.00        3522.00    
  109      2821057      1        2        3522         0.24   1        0        3522        3522.00     0.00        3522.00    
  110      2824274      1        2        3516         0.24   1        0        3516        3516.00     0.00        3516.00    
  111      2816034      1        2        3510         0.24   1        0        3510        3510.00     0.00        3510.00    
  112      2816720      1        3        3501         0.24   1        0        3501        3501.00     0.00        3501.00    
  113      2824079      1        1        3492         0.24   1        0        3492        3492.00     0.00        3492.00    
  114      2815524      1        3        3486         0.24   1        0        3486        3486.00     0.00        3486.00    
  115      2824076      1        1        3477         0.24   1        0        3477        3477.00     0.00        3477.00    
  116      2823338      1        1        3459         0.24   1        0        3459        3459.00     0.00        3459.00    
  117      2815835      1        3        3438         0.24   1        0        3438        3438.00     0.00        3438.00    
  118      2825566      1        1        3432         0.24   1        0        3432        3432.00     0.00        3432.00    
  119      2816181      1        2        3408         0.23   1        0        3408        3408.00     0.00        3408.00    
  120      2101972      1        18       3384         0.23   1        0        3384        3384.00     0.00        3384.00    
  121      2102190      1        5        3354         0.23   1        0        3354        3354.00     0.00        3354.00    
  122      2825564      1        2        3345         0.23   1        0        3345        3345.00     0.00        3345.00    
  123      2821055      1        2        3336         0.23   1        0        3336        3336.00     0.00        3336.00    
  124      2808517      1        1        3333         0.23   1        0        3333        3333.00     0.00        3333.00    
  125      2802161      1        1        3

This file has been truncated.


suricata-report-2018-07-24-T-19-34-27-07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap.txt (17709 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c253961befb30b69806993b3eca4038256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap -vvv -k none
elapsedtime:36.000760
stderr:
stdout:
24/7/2018 -- 19:33:51 - <Info> - Configuration node 'rule-files' redefined.
24/7/2018 -- 19:33:51 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/7/2018 -- 19:33:51 - <Info> - CPUs/cores online: 1
24/7/2018 -- 19:33:51 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33877 and 'request-body-inspect-window' set to 15862 after randomization.
24/7/2018 -- 19:33:51 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33917 and 'response-body-inspect-window' set to 16693 after randomization.
24/7/2018 -- 19:33:51 - <Config> - DNS request flood protection level: 500
24/7/2018 -- 19:33:51 - <Config> - DNS per flow memcap (state-memcap): 524288
24/7/2018 -- 19:33:51 - <Config> - DNS global memcap: 16777216
24/7/2018 -- 19:33:51 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/7/2018 -- 19:33:51 - <Config> - preallocated 1000 hosts of size 136
24/7/2018 -- 19:33:51 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/7/2018 -- 19:33:51 - <Config> - using magic-file /usr/share/file/magic
24/7/2018 -- 19:33:51 - <Config> - Core dump size is unlimited.
24/7/2018 -- 19:33:51 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/7/2018 -- 19:33:51 - <Config> - preallocated 1000 defrag trackers of size 168
24/7/2018 -- 19:33:51 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/7/2018 -- 19:33:51 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/7/2018 -- 19:33:51 - <Config> - stream "memcap": 33554432
24/7/2018 -- 19:33:51 - <Config> - stream "midstream" session pickups: disabled
24/7/2018 -- 19:33:51 - <Config> - stream "async-oneside": disabled
24/7/2018 -- 19:33:51 - <Config> - stream "checksum-validation": disabled
24/7/2018 -- 19:33:51 - <Config> - stream."inline": disabled
24/7/2018 -- 19:33:51 - <Config> - stream "bypass": disabled
24/7/2018 -- 19:33:51 - <Config> - stream "max-synack-queued": 5
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly "memcap": 134217728
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly "depth": 0
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly "toserver-chunk-size": 2534
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly "toclient-chunk-size": 2593
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly.raw: enabled
24/7/2018 -- 19:33:51 - <Config> - stream.reassembly "segment-prealloc": 2048
24/7/2018 -- 19:33:51 - <Config> - Delayed detect disabled
24/7/2018 -- 19:33:51 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/7/2018 -- 19:33:51 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/7/2018 -- 19:33:51 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/7/2018 -- 19:33:51 - <Config> - prefilter engines: MPM
24/7/2018 -- 19:33:51 - <Config> - IP reputation disabled
24/7/2018 -- 19:33:51 - <Perf> - Registered 148 keyword profiling counters.
24/7/2018 -- 19:33:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
24/7/2018 -- 19:33:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
24/7/2018 -- 19:33:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
24/7/2018 -- 19:33:59 - <Config> - No rules loaded from ET-icmp.rules.
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
24/7/2018 -- 19:33:59 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
24/7/2018 -- 19:34:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
24/7/2018 -- 19:34:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
24/7/2018 -- 19:34:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
24/7/2018 -- 19:34:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
24/7/2018 -- 19:34:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
24/7/2018 -- 19:34:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
24/7/2018 -- 19:34:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
24/7/2018 -- 19:34:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
24/7/2018 -- 19:34:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
24/7/2018 -- 19:34:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
24/7/2018 -- 19:34:12 - <Config> - No rules loaded from local.rules.
24/7/2018 -- 19:34:12 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
24/7/2018 -- 19:34:12 - <Info> - Threshold config parsed: 0 rule(s) found
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tcp-packet
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tcp-stream
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for udp-packet
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for other-ip
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_uri
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_request_line
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_client_body
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_response_line
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_header
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_header
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_header_names
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_header_names
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_accept
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_accept_enc
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_accept_lang
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_referer
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_connection
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_content_len
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_content_len
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_content_type
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_content_type
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_protocol
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_protocol
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_start
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_start
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_raw_header
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_raw_header
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_method
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_cookie
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_cookie
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_raw_uri
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_user_agent
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_host
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_raw_host
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_stat_msg
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_stat_code
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for dns_query
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tls_sni
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for dce_stub_data
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for dce_stub_data
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for ssh_protocol
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for ssh_protocol
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for ssh_software
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for ssh_software
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for file_data
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for file_data
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_request_line
24/7/2018 -- 19:34:13 - <Perf> - using shared mpm ctx' for http_response_line
24/7/2018 -- 19:34:13 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
24/7/2018 -- 19:34:13 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/7/2018 -- 19:34:13 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
24/7/2018 -- 19:34:13 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
24/7/2018 -- 19:34:13 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
24/7/2018 -- 19:34:13 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
24/7/2018 -- 19:34:13 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
24/7/2018 -- 19:34:13 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/7/2018 -- 19:34:22 - <Perf> - Unique rule groups: 104
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toserver TCP packet": 35
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toclient TCP packet": 17
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toserver TCP stream": 33
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toclient TCP stream": 19
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toserver UDP packet": 27
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "toclient UDP packet": 17
24/7/2018 -- 19:34:22 - <Perf> - Builtin MPM "other IP packet": 3
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_uri": 14
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_header": 10
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_header": 6
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_header_names": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_protocol": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_start": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_method": 5
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver http_host": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver tls_sni": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toserver file_data": 1
24/7/2018 -- 19:34:22 - <Perf> - AppLayer MPM "toclient file_data": 7
24/7/2018 -- 19:34:26 - <Perf> - Registered 39590 rule profiling counters.
24/7/2018 -- 19:34:26 - <Info> - fast output device (regular) initialized: alert
24/7/2018 -- 19:34:26 - <Info> - eve-log output device (regular) initialized: eve.json
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'alert'
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'http'
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'dns'
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'tls'
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'files'
24/7/2018 -- 19:34:26 - <Config> - enabling 'eve-log' module 'ssh'
24/7/2018 -- 19:34:26 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/7/2018 -- 19:34:26 - <Info> - stats output device (regular) initialized: stats.log
24/7/2018 -- 19:34:26 - <Config> - AutoFP mode using "Hash" flow load balancer
24/7/2018 -- 19:34:26 - <Info> - reading pcap file /var/pcap/07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap
24/7/2018 -- 19:34:26 - <Config

This file has been truncated.


stats.log - (2003 bytes)
------------------------------------------------------------------------------------
Date: 7/24/2018 -- 19:34:27 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1
decoder.bytes                              | Total                     | 1514
decoder.ipv4                               | Total                     | 1
decoder.ethernet                           | Total                     | 1
decoder.tcp                                | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 1514
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
detect.mpm_list                            | Total                     | 189
detect.nonmpm_list                         | Total                     | 4
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 140
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


keyword_perf.log - (2597 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/24/2018 -- 19:34:27
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             33813           6               0               17529           5635.00         0.00            5635.00        
  content          415995          79              23              13692           5265.00         5828.00         5034.00        
  pcre             167073          10              0               52341           16707.00        0.00            16707.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             33813           6               0               17529           5635.00         0.00            5635.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          415995          79              23              13692           5265.00         5828.00         5034.00        
  pcre             167073          10              0               52341           16707.00        0.00            16707.00       


IDSDeathBlossom.py.log - (1179 bytes)
2018-07-24 19:33:50,180 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-07-24 19:33:51,387 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-07-24 19:33:51,388 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2018-07-24 19:33:51,388 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-07-24 19:33:51,389 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-07-24 19:33:51,389 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c253961befb30b69806993b3eca4038256b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap -vvv -k none
2018-07-24 19:34:27,393 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-07-24 19:34:27,394 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 37.2295520306