Filename: packet_8F4311E8B13C005056A839A9F3928D8E.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 14.134688139 seconds
Hash: c253961befb30b69806993b3eca40382
Uploaded: 1532460727

Logfiles


packet_stats.log - (4693 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             1          2207475        2207475       2207475          2.2m  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             1          2035821        2035821       2035821          2.0m   97.01
TMM_RECEIVEPCAPFILE         IPv4       6             1            16224          16224         16224         16.2k    0.77
TMM_DECODEPCAPFILE          IPv4       6             1            46539          46539         46539         46.5k    2.22

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             1            47103          47103         47103         47.1k  2.35  
stream                  IPv4       6             1            23502          23502         23502         23.5k  1.17  
detect                  IPv4       6             1          1917759        1917759       1917759          1.9m  95.82 
tcp-prune               IPv4       6             1            12972          12972         12972         13.0k  0.65  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             1           263535         263535        263535       263.5k  46.69 
stream                            IPv4       6             1           300864         300864        300864       300.9k  53.31 
Total                             IPv4                     2                                        282199       564.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             1           110922         110922        110922        110.9k  4.49  
PROF_DETECT_RULES           IPv4       6             1          1019058        1019058       1019058          1.0m  41.23 
PROF_DETECT_STATEFUL_CONT    IPv4       6             1             3408           3408          3408          3.4k  0.14  
PROF_DETECT_PREFILTER       IPv4       6             1           626496         626496        626496        626.5k  25.35 
PROF_DETECT_PF_PAYLOAD      IPv4       6             1           576846         576846        576846        576.8k  23.34 
PROF_DETECT_PF_SORT1        IPv4       6             1             9204           9204          9204          9.2k  0.37  
PROF_DETECT_PF_SORT2        IPv4       6             1            20871          20871         20871         20.9k  0.84  
PROF_DETECT_NONMPMLIST      IPv4       6             1             4176           4176          4176          4.2k  0.17  
PROF_DETECT_ALERT           IPv4       6             1            26055          26055         26055         26.1k  1.05  
PROF_DETECT_CLEANUP         IPv4       6             1            10476          10476         10476         10.5k  0.42  
PROF_DETECT_GETSGH          IPv4       6             1            63840          63840         63840         63.8k  2.58  


suricata-report-2018-07-24-T-19-32-21-07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap.txt - (18019 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/c253961befb30b69806993b3eca40382d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap -vvv -k none
elapsedtime:12.492991
stderr:
stdout:
24/7/2018 -- 19:32:08 - <Info> - Configuration node 'rule-files' redefined.
24/7/2018 -- 19:32:08 - <Notice> - This is Suricata version 4.0.0 RELEASE
24/7/2018 -- 19:32:08 - <Info> - CPUs/cores online: 1
24/7/2018 -- 19:32:08 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32638 and 'request-body-inspect-window' set to 15708 after randomization.
24/7/2018 -- 19:32:08 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31985 and 'response-body-inspect-window' set to 15907 after randomization.
24/7/2018 -- 19:32:08 - <Config> - DNS request flood protection level: 500
24/7/2018 -- 19:32:08 - <Config> - DNS per flow memcap (state-memcap): 524288
24/7/2018 -- 19:32:08 - <Config> - DNS global memcap: 16777216
24/7/2018 -- 19:32:08 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
24/7/2018 -- 19:32:08 - <Config> - preallocated 1000 hosts of size 136
24/7/2018 -- 19:32:08 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
24/7/2018 -- 19:32:08 - <Config> - using magic-file /usr/share/file/magic
24/7/2018 -- 19:32:08 - <Config> - Core dump size is unlimited.
24/7/2018 -- 19:32:08 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
24/7/2018 -- 19:32:08 - <Config> - preallocated 1000 defrag trackers of size 168
24/7/2018 -- 19:32:08 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
24/7/2018 -- 19:32:08 - <Config> - stream "prealloc-sessions": 2048 (per thread)
24/7/2018 -- 19:32:08 - <Config> - stream "memcap": 33554432
24/7/2018 -- 19:32:08 - <Config> - stream "midstream" session pickups: disabled
24/7/2018 -- 19:32:08 - <Config> - stream "async-oneside": disabled
24/7/2018 -- 19:32:08 - <Config> - stream "checksum-validation": disabled
24/7/2018 -- 19:32:08 - <Config> - stream."inline": disabled
24/7/2018 -- 19:32:08 - <Config> - stream "bypass": disabled
24/7/2018 -- 19:32:08 - <Config> - stream "max-synack-queued": 5
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly "memcap": 134217728
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly "depth": 0
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly "toserver-chunk-size": 2619
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly "toclient-chunk-size": 2600
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly.raw: enabled
24/7/2018 -- 19:32:08 - <Config> - stream.reassembly "segment-prealloc": 2048
24/7/2018 -- 19:32:08 - <Config> - Delayed detect disabled
24/7/2018 -- 19:32:08 - <Config> - pattern matchers: MPM: ac, SPM: bm
24/7/2018 -- 19:32:08 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
24/7/2018 -- 19:32:08 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
24/7/2018 -- 19:32:08 - <Config> - prefilter engines: MPM
24/7/2018 -- 19:32:08 - <Config> - IP reputation disabled
24/7/2018 -- 19:32:08 - <Perf> - Registered 148 keyword profiling counters.
24/7/2018 -- 19:32:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
24/7/2018 -- 19:32:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
24/7/2018 -- 19:32:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
24/7/2018 -- 19:32:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
24/7/2018 -- 19:32:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
24/7/2018 -- 19:32:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
24/7/2018 -- 19:32:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
24/7/2018 -- 19:32:11 - <Config> - No rules loaded from ET-emerging-icmp.rules.
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
24/7/2018 -- 19:32:11 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
24/7/2018 -- 19:32:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
24/7/2018 -- 19:32:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
24/7/2018 -- 19:32:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
24/7/2018 -- 19:32:15 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
24/7/2018 -- 19:32:16 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
24/7/2018 -- 19:32:16 - <Config> - No rules loaded from local.rules.
24/7/2018 -- 19:32:16 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
24/7/2018 -- 19:32:16 - <Info> - Threshold config parsed: 0 rule(s) found
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tcp-packet
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tcp-stream
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for udp-packet
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for other-ip
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_uri
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_request_line
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_client_body
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_response_line
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_header
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_header
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_header_names
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_header_names
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_accept
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_accept_enc
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_accept_lang
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_referer
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_connection
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_content_len
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_content_len
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_content_type
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_content_type
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_protocol
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_protocol
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_start
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_start
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_raw_header
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_raw_header
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_method
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_cookie
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_cookie
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_raw_uri
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_user_agent
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_host
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_raw_host
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_stat_msg
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_stat_code
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for dns_query
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tls_sni
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tls_cert_issuer
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tls_cert_subject
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for tls_cert_serial
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for dce_stub_data
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for dce_stub_data
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for ssh_protocol
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for ssh_protocol
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for ssh_software
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for ssh_software
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for file_data
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for file_data
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_request_line
24/7/2018 -- 19:32:16 - <Perf> - using shared mpm ctx' for http_response_line
24/7/2018 -- 19:32:16 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
24/7/2018 -- 19:32:16 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
24/7/2018 -- 19:32:16 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
24/7/2018 -- 19:32:17 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
24/7/2018 -- 19:32:17 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
24/7/2018 -- 19:32:17 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
24/7/2018 -- 19:32:17 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
24/7/2018 -- 19:32:17 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
24/7/2018 -- 19:32:18 - <Perf> - Unique rule groups: 111
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toserver TCP packet": 31
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toclient TCP packet": 20
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toserver TCP stream": 31
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toclient TCP stream": 21
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toserver UDP packet": 33
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "toclient UDP packet": 15
24/7/2018 -- 19:32:18 - <Perf> - Builtin MPM "other IP packet": 2
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_uri": 8
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_request_line": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_client_body": 6
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_response_line": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_header": 6
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_header": 3
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_header_names": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_accept": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_referer": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_content_len": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_content_type": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_content_type": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_start": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_method": 3
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_cookie": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_cookie": 2
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver http_host": 2
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver dns_query": 4
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver tls_sni": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toserver file_data": 1
24/7/2018 -- 19:32:18 - <Perf> - AppLayer MPM "toclient file_data": 5
24/7/2018 -- 19:32:19 - <Perf> - Registered 18241 rule profiling counters.
24/7/2018 -- 19:32:19 - <Info> - fast output device (regular) initialized: alert
24/7/2018 -- 19:32:19 - <Info> - eve-log output device (regular) initialized: eve.json
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'alert'
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'http'
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'dns'
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'tls'
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'files'
24/7/2018 -- 19:32:19 - <Config> - enabling 'eve-log' module 'ssh'
24/7/2018 -- 19:32:19 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
24/7/2

This file has been truncated.


stats.log - (1701 bytes)
------------------------------------------------------------------------------------
Date: 7/24/2018 -- 19:32:21 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1
decoder.bytes                              | Total                     | 1514
decoder.ipv4                               | Total                     | 1
decoder.ethernet                           | Total                     | 1
decoder.tcp                                | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 1514
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
detect.mpm_list                            | Total                     | 36
detect.nonmpm_list                         | Total                     | 3
detect.match_list                          | Total                     | 23
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


keyword_perf.log - (1528 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/24/2018 -- 19:32:21
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          60561           10              1               16107           6056.00         7932.00         5847.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          60561           10              1               16107           6056.00         7932.00         5847.00        


suricata-4.0.0-etopen-all-perf.txt-2018-07-24-T-19-32-21-07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap.txt - (3414 bytes)
  --------------------------------------------------------------------------
  Date: 7/24/2018 -- 19:32:21. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2008124      1        5        48258        19.95  1        0        48258       48258.00    0.00        48258.00   
  2        2017716      1        3        42291        17.48  1        0        42291       42291.00    0.00        42291.00   
  3        2019326      1        6        14028        5.80   1        0        14028       14028.00    0.00        14028.00   
  4        2017322      1        4        13950        5.77   1        0        13950       13950.00    0.00        13950.00   
  5        2017319      1        6        13359        5.52   1        0        13359       13359.00    0.00        13359.00   
  6        2019327      1        6        13296        5.50   1        0        13296       13296.00    0.00        13296.00   
  7        2017323      1        4        12918        5.34   1        0        12918       12918.00    0.00        12918.00   
  8        2017321      1        8        12366        5.11   1        0        12366       12366.00    0.00        12366.00   
  9        2018115      1        1        5271         2.18   1        0        5271        5271.00     0.00        5271.00    
  10       2000345      1        16       5040         2.08   1        0        5040        5040.00     0.00        5040.00    
  11       2101379      1        13       5004         2.07   1        0        5004        5004.00     0.00        5004.00    
  12       2008420      1        4        4932         2.04   1        0        4932        4932.00     0.00        4932.00    
  13       2100327      1        10       4911         2.03   1        0        4911        4911.00     0.00        4911.00    
  14       2000333      1        11       4779         1.98   1        0        4779        4779.00     0.00        4779.00    
  15       2025019      1        1        4740         1.96   1        0        4740        4740.00     0.00        4740.00    
  16       2017935      1        3        4722         1.95   1        0        4722        4722.00     0.00        4722.00    
  17       2102110      1        4        4680         1.93   1        0        4680        4680.00     0.00        4680.00    
  18       2002024      1        19       4656         1.92   1        0        4656        4656.00     0.00        4656.00    
  19       2009984      1        2        4632         1.91   1        0        4632        4632.00     0.00        4632.00    
  20       2008304      1        3        4629         1.91   1        0        4629        4629.00     0.00        4629.00    
  21       2102190      1        5        4542         1.88   1        0        4542        4542.00     0.00        4542.00    
  22       2101972      1        18       4446         1.84   1        0        4446        4446.00     0.00        4446.00    
  23       2101634      1        15       4434         1.83   1        0        4434        4434.00     0.00        4434.00    


IDSDeathBlossom.py.log - (1182 bytes)
2018-07-24 19:32:07,468 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-07-24 19:32:08,694 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-07-24 19:32:08,694 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-07-24 19:32:08,695 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-07-24 19:32:08,695 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-07-24 19:32:08,696 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/c253961befb30b69806993b3eca40382d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/07242018.1932-packet_8F4311E8B13C005056A839A9F3928D8E.pcap -vvv -k none
2018-07-24 19:32:21,192 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-07-24 19:32:21,193 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 13.7485949993