Filename: 1309b.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.7081408501 seconds
Hash: c8fd35c640d7a0cf310b6bcac67f33d0
Uploaded: 1576259108

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-12-13-T-17-45-35-12132019.1745-1309b.pcap.txt - (2135 bytes)
  --------------------------------------------------------------------------
  Date: 12/13/2019 -- 17:45:35. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001579      1        15       293020       41.90  3        3        234052      97673.33    97673.33    0.00       
  2        2001569      1        15       194922       27.87  6        6        71788       32487.00    32487.00    0.00       
  3        2102523      1        8        49964        7.14   9        0        7778        5551.56     0.00        5551.56    
  4        2023625      1        3        15584        2.23   3        0        6684        5194.67     0.00        5194.67    
  5        2013739      1        15       15126        2.16   3        0        6194        5042.00     0.00        5042.00    
  6        2010143      1        3        15234        2.18   3        0        6174        5078.00     0.00        5078.00    
  7        2805141      1        4        29368        4.20   6        0        5664        4894.67     0.00        4894.67    
  8        2010140      1        7        14674        2.10   3        0        5626        4891.33     0.00        4891.33    
  9        2023622      1        3        14516        2.08   3        0        5540        4838.67     0.00        4838.67    
  10       2825296      1        3        14516        2.08   3        0        5532        4838.67     0.00        4838.67    
  11       2008120      1        4        14522        2.08   3        0        5460        4840.67     0.00        4840.67    
  12       2010142      1        4        14140        2.02   3        0        5208        4713.33     0.00        4713.33    
  13       2023624      1        3        13754        1.97   3        0        4846        4584.67     0.00        4584.67    


packet_stats.log - (6606 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             9          1182210        2919380       2136053         19.2m   63.99
 IPv4      17             3          3407682        3805526       3605954         10.8m   36.01
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             9           177156         720698        290726          2.6m   70.16
TMM_FLOWWORKER              IPv4      17             3           214508         502996        313440        940.3k   25.21
TMM_RECEIVEPCAPFILE         IPv4       6             9             4454          11688          5485         49.4k    1.32
TMM_RECEIVEPCAPFILE         IPv4      17             3             4684           4738          4705         14.1k    0.38
TMM_DECODEPCAPFILE          IPv4       6             9             4786          48534          9803         88.2k    2.37
TMM_DECODEPCAPFILE          IPv4      17             3             4734          11082          6976         20.9k    0.56

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             9             4836          35650         10421         93.8k  2.89  
flow                    IPv4      17             3             4804          27152         12353         37.1k  1.14  
stream                  IPv4       6             9             4706          27304          8733         78.6k  2.42  
app-layer               IPv4      17             3             4590          55496         21596         64.8k  2.00  
detect                  IPv4       6             9           133842         609038        237050          2.1m  65.72 
detect                  IPv4      17             3           186496         401072        260784        782.4k  24.10 
tcp-prune               IPv4       6             9             4544          11402          6258         56.3k  1.73  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
Proto detect            IPv4      17             1            45148          45148         45148         45.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4      17             3             6492          41898         19980        59.9k  100.00
Total                             IPv4                     3                                         19980        59.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             3            41690         162810         82862        248.6k  9.88  
PROF_DETECT_IPONLY          IPv4      17             1            50520          50520         50520         50.5k  2.01  
PROF_DETECT_RULES           IPv4       6             9            50358         258788         87916        791.3k  31.45 
PROF_DETECT_RULES           IPv4      17             3            85602         157392        109832        329.5k  13.10 
PROF_DETECT_STATEFUL_CONT    IPv4       6             9             4418           6674          5102         45.9k  1.83  
PROF_DETECT_STATEFUL_CONT    IPv4      17             3             4516           4694          4580         13.7k  0.55  
PROF_DETECT_PREFILTER       IPv4       6             9            13934          35944         20366        183.3k  7.29  
PROF_DETECT_PREFILTER       IPv4      17             3            42602          81536         57548        172.6k  6.86  
PROF_DETECT_PF_PAYLOAD      IPv4      17             3            15400          50896         29001         87.0k  3.46  
PROF_DETECT_PF_SORT1        IPv4      17             3             4618           5890          5160         15.5k  0.62  
PROF_DETECT_PF_SORT2        IPv4       6             9             4446           7296          5312         47.8k  1.90  
PROF_DETECT_PF_SORT2        IPv4      17             3             4468           6142          5070         15.2k  0.60  
PROF_DETECT_NONMPMLIST      IPv4       6             9             4478           6726          5499         49.5k  1.97  
PROF_DETECT_NONMPMLIST      IPv4      17             3             4520           6368          5320         16.0k  0.63  
PROF_DETECT_ALERT           IPv4       6             9            13812          81464         23959        215.6k  8.57  
PROF_DETECT_ALERT           IPv4      17             3             4458           4560          4500         13.5k  0.54  
PROF_DETECT_CLEANUP         IPv4       6             9             4544          17838          6959         62.6k  2.49  
PROF_DETECT_CLEANUP         IPv4      17             3             4450           6264          5134         15.4k  0.61  
PROF_DETECT_GETSGH          IPv4       6             9             4666          37692          9853         88.7k  3.52  
PROF_DETECT_GETSGH          IPv4      17             3             4444          44384         17841         53.5k  2.13  


suricata-report-2019-12-13-T-17-45-35-12132019.1745-1309b.pcap.txt - (17855 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c8fd35c640d7a0cf310b6bcac67f33d056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12132019.1745-1309b.pcap -vvv -k none
elapsedtime:25.662568
stderr:
stdout:
13/12/2019 -- 17:45:09 - <Info> - Configuration node 'rule-files' redefined.
13/12/2019 -- 17:45:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
13/12/2019 -- 17:45:09 - <Info> - CPUs/cores online: 1
13/12/2019 -- 17:45:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31300 and 'request-body-inspect-window' set to 17171 after randomization.
13/12/2019 -- 17:45:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33757 and 'response-body-inspect-window' set to 16894 after randomization.
13/12/2019 -- 17:45:09 - <Config> - DNS request flood protection level: 500
13/12/2019 -- 17:45:09 - <Config> - DNS per flow memcap (state-memcap): 524288
13/12/2019 -- 17:45:09 - <Config> - DNS global memcap: 16777216
13/12/2019 -- 17:45:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
13/12/2019 -- 17:45:09 - <Config> - preallocated 1000 hosts of size 136
13/12/2019 -- 17:45:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
13/12/2019 -- 17:45:09 - <Config> - using magic-file /usr/share/file/magic
13/12/2019 -- 17:45:09 - <Config> - Core dump size is unlimited.
13/12/2019 -- 17:45:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
13/12/2019 -- 17:45:09 - <Config> - preallocated 1000 defrag trackers of size 168
13/12/2019 -- 17:45:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
13/12/2019 -- 17:45:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
13/12/2019 -- 17:45:09 - <Config> - stream "memcap": 33554432
13/12/2019 -- 17:45:09 - <Config> - stream "midstream" session pickups: disabled
13/12/2019 -- 17:45:09 - <Config> - stream "async-oneside": disabled
13/12/2019 -- 17:45:09 - <Config> - stream "checksum-validation": disabled
13/12/2019 -- 17:45:09 - <Config> - stream."inline": disabled
13/12/2019 -- 17:45:09 - <Config> - stream "bypass": disabled
13/12/2019 -- 17:45:09 - <Config> - stream "max-synack-queued": 5
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly "memcap": 134217728
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly "depth": 0
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly "toserver-chunk-size": 2632
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly "toclient-chunk-size": 2613
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly.raw: enabled
13/12/2019 -- 17:45:09 - <Config> - stream.reassembly "segment-prealloc": 2048
13/12/2019 -- 17:45:09 - <Config> - Delayed detect disabled
13/12/2019 -- 17:45:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
13/12/2019 -- 17:45:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
13/12/2019 -- 17:45:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
13/12/2019 -- 17:45:09 - <Config> - prefilter engines: MPM
13/12/2019 -- 17:45:09 - <Config> - IP reputation disabled
13/12/2019 -- 17:45:09 - <Perf> - Registered 148 keyword profiling counters.
13/12/2019 -- 17:45:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
13/12/2019 -- 17:45:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
13/12/2019 -- 17:45:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
13/12/2019 -- 17:45:15 - <Config> - No rules loaded from ET-icmp.rules.
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
13/12/2019 -- 17:45:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
13/12/2019 -- 17:45:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
13/12/2019 -- 17:45:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
13/12/2019 -- 17:45:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
13/12/2019 -- 17:45:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
13/12/2019 -- 17:45:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
13/12/2019 -- 17:45:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
13/12/2019 -- 17:45:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
13/12/2019 -- 17:45:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
13/12/2019 -- 17:45:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
13/12/2019 -- 17:45:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
13/12/2019 -- 17:45:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
13/12/2019 -- 17:45:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
13/12/2019 -- 17:45:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
13/12/2019 -- 17:45:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
13/12/2019 -- 17:45:24 - <Config> - No rules loaded from local.rules.
13/12/2019 -- 17:45:24 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
13/12/2019 -- 17:45:24 - <Info> - Threshold config parsed: 0 rule(s) found
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tcp-packet
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tcp-stream
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for udp-packet
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for other-ip
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_uri
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_request_line
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_client_body
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_response_line
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_header
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_header
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_header_names
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_header_names
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_accept
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_accept_enc
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_accept_lang
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_referer
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_connection
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_content_len
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_content_len
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_content_type
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_content_type
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_protocol
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_protocol
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_start
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_start
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_raw_header
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_raw_header
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_method
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_cookie
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_cookie
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_raw_uri
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_user_agent
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_host
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_raw_host
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_stat_msg
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_stat_code
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for dns_query
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tls_sni
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tls_cert_issuer
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tls_cert_subject
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for tls_cert_serial
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for dce_stub_data
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for dce_stub_data
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for ssh_protocol
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for ssh_protocol
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for ssh_software
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for ssh_software
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for file_data
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for file_data
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_request_line
13/12/2019 -- 17:45:25 - <Perf> - using shared mpm ctx' for http_response_line
13/12/2019 -- 17:45:25 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
13/12/2019 -- 17:45:25 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
13/12/2019 -- 17:45:25 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
13/12/2019 -- 17:45:25 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
13/12/2019 -- 17:45:25 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
13/12/2019 -- 17:45:25 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
13/12/2019 -- 17:45:25 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
13/12/2019 -- 17:45:25 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
13/12/2019 -- 17:45:32 - <Perf> - Unique rule groups: 104
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toserver TCP packet": 35
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toclient TCP packet": 17
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toserver TCP stream": 33
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toclient TCP stream": 19
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toserver UDP packet": 27
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "toclient UDP packet": 17
13/12/2019 -- 17:45:32 - <Perf> - Builtin MPM "other IP packet": 3
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_uri": 14
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_request_line": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_client_body": 6
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_response_line": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_header": 10
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_header": 6
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_header_names": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_accept": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_referer": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_content_len": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_content_type": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_content_type": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_protocol": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_start": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_method": 5
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_cookie": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_cookie": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver http_host": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver dns_query": 4
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver tls_sni": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toserver file_data": 1
13/12/2019 -- 17:45:32 - <Perf> - AppLayer MPM "toclient file_data": 7
13/12/2019 -- 17:45:34 - <Perf> - Registered 39590 rule profiling counters.
13/12/2019 -- 17:45:34 - <Info> - fast output device (regular) initialized: alert
13/12/2019 -- 17:45:34 - <Info> - eve-log output device (regular) initialized: eve.json
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'alert'
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'http'
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'dns'
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'tls'
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'files'
13/12/2019 -- 17:45:34 - <Config> - enabling 'eve-log' module 'ssh'
13/12/2019 -- 17:45:34 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
13/12/2019 -- 17:45:34 - <Info> - stats output device (regular) initialized: stats.log
13/12/2019 -- 17:45:34 - <Config> - AutoFP mode using "Hash" flow load

This file has been truncated.


stats.log - (2148 bytes)
------------------------------------------------------------------------------------
Date: 12/13/2019 -- 17:45:35 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 12
decoder.bytes                              | Total                     | 858
decoder.ipv4                               | Total                     | 12
decoder.ethernet                           | Total                     | 12
decoder.tcp                                | Total                     | 9
decoder.udp                                | Total                     | 3
decoder.avg_pkt_size                       | Total                     | 71
decoder.max_pkt_size                       | Total                     | 92
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 1
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 9
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 5
detect.fnonmpm_list                        | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.failed_udp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


keyword_perf.log - (2586 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/13/2019 -- 17:45:35
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            252392          9               9               208770          28043.00        28043.00        0.00           
  flow             62536           9               9               19756           6948.00         6948.00         0.00           
  threshold        106342          9               0               59428           11815.00        0.00            11815.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            252392          9               9               208770          28043.00        28043.00        0.00           
  flow             62536           9               9               19756           6948.00         6948.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        106342          9               0               59428           11815.00        0.00            11815.00       


IDSDeathBlossom.py.log - (1145 bytes)
2019-12-13 17:45:08,867 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-12-13 17:45:09,688 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-12-13 17:45:09,688 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-12-13 17:45:09,688 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-12-13 17:45:09,689 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-12-13 17:45:09,689 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/c8fd35c640d7a0cf310b6bcac67f33d056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/12132019.1745-1309b.pcap -vvv -k none
2019-12-13 17:45:35,354 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-12-13 17:45:35,354 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.4975290298