Filename: 87000f48-9583-4c50-8bad-af9da319ed23.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.686907053 seconds
Hash: cd730f19ff15ac755f05e3ab1526849a
Uploaded: 1562333554

Logfiles


packet_stats.log - (15843 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             7          6535030       26653664      19886458        139.2m    5.15
 IPv4      17            43          4362478       35558629      18243094        784.5m   29.00
 IPv6      17            49          4037507       38662335      25636862          1.3b   46.44
 IPv6      58            19          6424200       36962172      27653232        525.4m   19.42
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             7           108631        6475421       1364098          9.5m   23.92
TMM_FLOWWORKER              IPv4      17            43           119387        9151587        467436         20.1m   50.36
TMM_RECEIVEPCAPFILE         IPv4       6             5             2560           3750          2861         14.3k    0.04
TMM_RECEIVEPCAPFILE         IPv4      17            43             2542           3490          2846        122.4k    0.31
TMM_DECODEPCAPFILE          IPv4       6             5             2735          40366         10672         53.4k    0.13
TMM_DECODEPCAPFILE          IPv4      17            43             2678           3581          2834        121.9k    0.31
TMM_FLOWWORKER              IPv6      17            49           108454         496816        165150          8.1m   20.27
TMM_FLOWWORKER              IPv6      58            19            66023         104986         76300          1.4m    3.63
TMM_RECEIVEPCAPFILE         IPv6      17            49             2553           3383          2824        138.4k    0.35
TMM_RECEIVEPCAPFILE         IPv6      58            19             2551           2877          2764         52.5k    0.13
TMM_DECODEPCAPFILE          IPv6      17            49             2668          19886          3177        155.7k    0.39
TMM_DECODEPCAPFILE          IPv6      58            19             2713          11123          3378         64.2k    0.16

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             5             3249           6029          4306         21.5k  0.06  
flow                    IPv4      17            43             2814          10834          3423        147.2k  0.41  
stream                  IPv4       6             7             5211         246120         56077        392.5k  1.10  
app-layer               IPv4      17            43             2527          35226          4828        207.6k  0.58  
detect                  IPv4       6             7            71484        5955565       1222509          8.6m  24.08 
detect                  IPv4      17            43           102741        8026504        405007         17.4m  49.00 
tcp-prune               IPv4       6             7             2657          16179          4961         34.7k  0.10  
flow                    IPv6      17            49             2824          20757          3930        192.6k  0.54  
flow                    IPv6      58            19             2824           3691          2997         57.0k  0.16  
app-layer               IPv6      17            49             2525          17172          4678        229.2k  0.64  
detect                  IPv6      17            49            91441         479473        144021          7.1m  19.85 
detect                  IPv6      58            19            55086          93397         64855          1.2m  3.47  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1            46928          46928         46928         46.9k  4.11  
dns                     IPv4      17             3             5649          10572          7982         23.9k  2.10  
http                    IPv6      17             5           214317         214317        214317          1.1m  93.80 
Proto detect            IPv4       6             1            13450          13450         13450         13.4k
Proto detect            IPv4      17             9             2851          18458          8254         74.3k
Proto detect            IPv6      17            13             2805           9691          4091         53.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           148101         148101        148101        148.1k  6.66  
LOGGER_UNIFIED2             IPv4       6             1           108177         108177        108177        108.2k  4.87  
LOGGER_JSON_ALERT           IPv4       6             1            95332          95332         95332         95.3k  4.29  
LOGGER_JSON_DNS             IPv4      17             2           729784        1081433        905608          1.8m  81.46 
LOGGER_JSON_HTTP            IPv4       6             1            60619          60619         60619         60.6k  2.73  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             2             3582         115041         59311       118.6k  1.25  
payload                           IPv4      17            43             3334        7773954        195941         8.4m  88.56 
stream                            IPv4       6             2             3247         150908         77077       154.2k  1.62  
http_uri                          IPv4       6             1            18732          18732         18732        18.7k  0.20  
http_request_line                 IPv4       6             1            11177          11177         11177        11.2k  0.12  
http_client_body                  IPv4       6             1             4687           4687          4687         4.7k  0.05  
http_header (request)             IPv4       6             1           127025         127025        127025       127.0k  1.34  
http_header (request trailer)     IPv4       6             1             2652           2652          2652         2.7k  0.03  
http_header_names (request)       IPv4       6             1            24434          24434         24434        24.4k  0.26  
http_accept (request)             IPv4       6             1             6395           6395          6395         6.4k  0.07  
http_referer (request)            IPv4       6             1             3706           3706          3706         3.7k  0.04  
http_content_len (request)        IPv4       6             1             3710           3710          3710         3.7k  0.04  
http_content_type (request)       IPv4       6             1             4363           4363          4363         4.4k  0.05  
http_protocol (request)           IPv4       6             1             6314           6314          6314         6.3k  0.07  
http_start (request)              IPv4       6             1            19326          19326         19326        19.3k  0.20  
http_raw_header (request)         IPv4       6             1            19002          19002         19002        19.0k  0.20  
http_method                       IPv4       6             1             6896           6896          6896         6.9k  0.07  
http_cookie (request)             IPv4       6             1            11821          11821         11821        11.8k  0.12  
http_raw_uri                      IPv4       6             1             5681           5681          5681         5.7k  0.06  
http_user_agent                   IPv4       6             1            76094          76094         76094        76.1k  0.80  
http_host                         IPv4       6             1             8751           8751          8751         8.8k  0.09  
dns_query                         IPv4      17             1             8681           8681          8681         8.7k  0.09  
Total                             IPv4                    66                                        137389         9.1m
payload                           IPv6      17            49             3131          40099          7174       351.6k  3.70  
payload                           IPv6      58            19             2737          19504          4969        94.4k  0.99  
Total                             IPv6                    68                                          6558       446.0k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            61230         814437        437833        875.7k  1.93  
PROF_DETECT_IPONLY          IPv4      17             8            37613         123975         53268        426.1k  0.94  
PROF_DETECT_RULES           IPv4       6             7             2921        5207080        810680          5.7m  12.52 
PROF_DETECT_RULES           IPv4      17            43            44297         562835        126078          5.4m  11.96 
PROF_DETECT_STATEFUL_START    IPv4       6             1          2777111        2777111       2777111          2.8m  6.13  
PROF_DETECT_STATEFUL_CONT    IPv4       6             7             2649          17002          7847         54.9k  0.12  
PROF_DETECT_STATEFUL_CONT    IPv4      17            43             2514          43326          3966        170.6k  0.38  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             3             2739           3549          3039          9.1k  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             3             2966           3800          3313          9.9k  0.02  
PROF_DETECT_PREFILTER       IPv4       6             7             8385         767972        235017          1.6m  3.63  
PROF_DETECT_PREFILTER       IPv4      17            43            24362        7800735        229642          9.9m  21.78 
PROF_DETECT_PF_PAYLOAD      IPv4       6             2           126805         162228        144516        289.0k  0.64  
PROF_DETECT_PF_PAYLOAD      IPv4      17            43             8611        7780207        201806          8.7m  19.14 
PROF_DETECT_PF_TX           IPv4       6             3             3428         419529        142685        428.1k  0.94  
PROF_DETECT_PF_TX           IPv4      17             2             2836          15475          9155         18.3k  0.04  
PROF_DETECT_PF_SORT1        IPv4       6             2             3224          36383         19803         39.6k  0.09  
PROF_DETECT_PF_SORT1        IPv4      17            43             2592           5100          3522        151.5k  0.33  
PROF_DETECT_PF_SORT2        IPv4       6             7             2555          32476          7866         55.1k  0.12  
PROF_DETECT_PF_SORT2        IPv4      17            43             2557          16438          3308        142.3k  0.31  
PROF_DETECT_NONMPMLIST      IPv4       6             7             2870           3906          3421         23.9k  0.05  
PROF_DETECT_NONMPMLIST      IPv4      17            43             2538           4080          2850        122.6k  0.27  
PROF_DETECT_ALERT           IPv4       6             7             2697          12788          4428         31.0k  0.07  
PROF_DETECT_ALERT           IPv4      17            43             2533           3364          2683        115.4k  0.25  
PROF_DETECT_CLEANUP         IPv4       6             7             2969          13008          4876         34.1k  0.08  
PROF_DETECT_CLEANUP         IPv4      17            43             2522           5417          2772        119.2k  0.26  
PROF_DETECT_GETSGH          IPv4       6             7             2626           6764          3889         27.2k  0.06  
PROF_DETECT_GETSGH          IPv4      17            43             2522           6753          3401        146.3k  0.32  
PROF_DETECT_IPONLY          IPv6      17            13             2968          23398          5622         73.1k  0.16  
PROF_DETECT_IPONLY          IPv6      58             1             3057           3057          3057          3.1k  0.01  
PROF_DETECT_RULES           IPv6      17            49            33633         203405         59698          2.9m  6.45  
PROF_DETECT_RULES           IPv6      58            19             2531           9609          3655         69.4k  0.15  
PROF_DETECT_STATEFUL_CONT    IPv6      17            49             2505          13291          3085        151.2k  0.33  
PROF_DETECT_STATEFUL_CONT    IPv6      58            19             2515           3428          2938         55.8k  0.12  
PROF_DETECT_PREFILTER       IPv6      17            49            23565         114888         32894          1.6m  3.56  
PROF_DETECT_PREFILTER       IPv6      58            19            18505          56817         23046        437.9k  0.97  
PROF_DETECT_PF_PAYLOAD      IPv6      17            49             8181          45903         12786        626.6k  1.38  
PROF_DETECT_PF_PAYLOAD      IPv6      58            19             7916          24801         10239        194.5k  0.43  
PROF_DETECT_PF_SORT1        IPv6      17            49             2596          21937          3489        171.0k  0.38  
PROF_DETECT_PF_SORT2        IPv6      17            49             2545          92606          4609        225.9k  0.50  
PROF_DETECT_PF_SORT2        IPv6      58            19             2516           3105          2647         50.3k  0.11  
PROF_DETECT_NONMPMLIST      IPv6      17            49             2529         385400         10957        536.9k  1.18  
PROF_DETECT_NONMPMLIST      IPv6      58            19             2524           3870          2844         54.0k  0.12  
PROF_DETECT_ALERT           IPv6      17            49             2527           3191          2641        129.4k  0.29  
PROF_DETECT_ALERT           IPv6      58            19             2531          19176          3483         66.2k  0.15  
PROF_DETECT_CLEANUP         IPv6      17            49             2519          30372          3337        163.5k  0.36  
PROF_DETECT_CLEANUP         IPv6      58            19             2521          18398          3553         67.5k  0.15  
PROF_DETECT_GETSGH          IPv6      17            49             2518          65145          5859        287.1k  0.63  
PROF_DETECT_GETSGH          IPv6      58            19             2536          19939          3809         72.4k  0.16  


unified2.alert.1562333576 - (435 bytes)
GET /sabo.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: blaerck.xyz
Connection: Keep-Alive


suricata-4.0.0-etpro-all-alert-2019-07-05-T-13-32-57-07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap.txt - (240 bytes)
05/31/2019-15:05:53.756153  [**] [1:2022896:5] ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.103:49261 -> 84.54.187.24:80


stats.log - (2681 bytes)
------------------------------------------------------------------------------------
Date: 7/5/2019 -- 13:32:57 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 226
decoder.bytes                              | Total                     | 18458
decoder.ipv4                               | Total                     | 48
decoder.ipv6                               | Total                     | 68
decoder.ethernet                           | Total                     | 226
decoder.tcp                                | Total                     | 5
decoder.udp                                | Total                     | 92
decoder.icmpv6                             | Total                     | 19
decoder.avg_pkt_size                       | Total                     | 81
decoder.max_pkt_size                       | Total                     | 353
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 20
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 19
flow.spare                                 | Total                     | 9983
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (4474 bytes)
{"timestamp":"2019-05-31T15:04:58.156046+0000","flow_id":1866600346706318,"pcap_cnt":57,"event_type":"dns","src_ip":"192.168.100.103","src_port":50862,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42991,"rrname":"blaerck.xyz","rrtype":"A","tx_id":0}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"84.54.187.24"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"195.222.40.54"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"37.152.176.90"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"87.126.21.85"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"186.74.208.84"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"89.190.74.198"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"86.106.200.105"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"31.5.167.149"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"86.61.75.99"}}
{"timestamp":"2019-05-31T15:04:59.145940+0000","flow_id":1866600346706318,"pcap_cnt":64,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.103","dest_port":50862,"proto":"UDP","dns":{"type":"answer","id":42991,"rcode":"NOERROR","rrname":"blaerck.xyz","rrtype":"A","ttl":148,"rdata":"93.152.165.187"}}
{"timestamp":"2019-05-31T15:05:53.756153+0000","flow_id":1969986652030174,"event_type":"alert","src_ip":"192.168.100.103","src_port":49261,"dest_ip":"84.54.187.24","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2022896,"rev":5,"signature":"ET CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-05-31T15:05:53.756153+0000","flow_id":1969986652030174,"event_type":"http","src_ip":"192.168.100.103","src_port":49261,"dest_ip":"84.54.187.24","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"blaerck.xyz","url":"\/sabo.exe","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}


suricata-4.0.0-etpro-all-perf.txt-2019-07-05-T-13-32-57-07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap.txt - (24533 bytes)
  --------------------------------------------------------------------------
  Date: 7/5/2019 -- 13:32:57. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023615      1        3        402873       4.29   4        0        394404      100718.25   0.00        100718.25  
  2        2826281      1        2        409109       4.36   2        0        392052      204554.50   0.00        204554.50  
  3        2019011      1        3        170056       1.81   25       0        102815      6802.24     0.00        6802.24    
  4        2022054      1        3        79592        0.85   1        0        79592       79592.00    0.00        79592.00   
  5        2805260      1        4        78739        0.84   1        0        78739       78739.00    0.00        78739.00   
  6        2805348      1        4        647805       6.90   13       0        71259       49831.15    0.00        49831.15   
  7        2023627      1        3        182702       1.95   43       0        70434       4248.88     0.00        4248.88    
  8        2017190      1        6        68095        0.73   1        0        68095       68095.00    0.00        68095.00   
  9        2815326      1        2        67531        0.72   1        0        67531       67531.00    0.00        67531.00   
  10       2816909      1        2        64052        0.68   1        0        64052       64052.00    0.00        64052.00   
  11       2022339      1        2        62688        0.67   1        0        62688       62688.00    0.00        62688.00   
  12       2816940      1        2        57004        0.61   1        0        57004       57004.00    0.00        57004.00   
  13       2816910      1        2        56096        0.60   1        0        56096       56096.00    0.00        56096.00   
  14       2020573      1        2        55934        0.60   1        1        55934       55934.00    55934.00    0.00       
  15       2022830      1        2        55875        0.60   1        0        55875       55875.00    0.00        55875.00   
  16       2018958      1        18       55741        0.59   1        0        55741       55741.00    0.00        55741.00   
  17       2023315      1        2        55356        0.59   1        0        55356       55356.00    0.00        55356.00   
  18       2025064      1        5        52903        0.56   1        0        52903       52903.00    0.00        52903.00   
  19       2822979      1        3        48116        0.51   1        0        48116       48116.00    0.00        48116.00   
  20       2816525      1        10       47937        0.51   1        0        47937       47937.00    0.00        47937.00   
  21       2018121      1        4        47018        0.50   1        0        47018       47018.00    0.00        47018.00   
  22       2022220      1        2        46964        0.50   1        0        46964       46964.00    0.00        46964.00   
  23       2814575      1        4        46137        0.49   1        0        46137       46137.00    0.00        46137.00   
  24       2814477      1        4        44400        0.47   1        0        44400       44400.00    0.00        44400.00   
  25       2022896      1        5        44362        0.47   1        1        44362       44362.00    44362.00    0.00       
  26       2816165      1        5        43880        0.47   1        0        43880       43880.00    0.00        43880.00   
  27       2022049      1        3        43338        0.46   1        0        43338       43338.00    0.00        43338.00   
  28       2018254      1        4        42655        0.45   1        0        42655       42655.00    0.00        42655.00   
  29       2016141      1        5        41881        0.45   1        0        41881       41881.00    0.00        41881.00   
  30       2023670      1        3        41156        0.44   1        1        41156       41156.00    41156.00    0.00       
  31       2022502      1        4        40659        0.43   1        0        40659       40659.00    0.00        40659.00   
  32       2003657      1        18       40598        0.43   1        0        40598       40598.00    0.00        40598.00   
  33       2820851      1        5        38453        0.41   1        0        38453       38453.00    0.00        38453.00   
  34       2023875      1        2        38350        0.41   1        0        38350       38350.00    0.00        38350.00   
  35       2022482      1        3        38343        0.41   1        0        38343       38343.00    0.00        38343.00   
  36       2815817      1        5        38090        0.41   1        0        38090       38090.00    0.00        38090.00   
  37       2830035      1        2        37945        0.40   1        0        37945       37945.00    0.00        37945.00   
  38       2816327      1        4        37606        0.40   1        0        37606       37606.00    0.00        37606.00   
  39       2828122      1        2        37592        0.40   1        0        37592       37592.00    0.00        37592.00   
  40       2024767      1        2        37302        0.40   1        0        37302       37302.00    0.00        37302.00   
  41       2019344      1        5        36645        0.39   1        0        36645       36645.00    0.00        36645.00   
  42       2017613      1        9        36573        0.39   1        0        36573       36573.00    0.00        36573.00   
  43       2816660      1        3        36568        0.39   1        0        36568       36568.00    0.00        36568.00   
  44       2015547      1        4        36434        0.39   1        0        36434       36434.00    0.00        36434.00   
  45       2019881      1        3        36426        0.39   1        0        36426       36426.00    0.00        36426.00   
  46       2019714      1        10       36285        0.39   1        0        36285       36285.00    0.00        36285.00   
  47       2018358      1        7        36110        0.38   1        0        36110       36110.00    0.00        36110.00   
  48       2016029      1        3        36109        0.38   1        0        36109       36109.00    0.00        36109.00   
  49       2016578      1        5        35856        0.38   1        0        35856       35856.00    0.00        35856.00   
  50       2022609      1        2        35633        0.38   1        0        35633       35633.00    0.00        35633.00   
  51       2018581      1        3        35609        0.38   1        0        35609       35609.00    0.00        35609.00   
  52       2018452      1        15       35544        0.38   1        0        35544       35544.00    0.00        35544.00   
  53       2020826      1        7        35436        0.38   1        0        35436       35436.00    0.00        35436.00   
  54       2021607      1        6        35230        0.38   1        0        35230       35230.00    0.00        35230.00   
  55       2018403      1        10       35143        0.37   1        0        35143       35143.00    0.00        35143.00   
  56       2022270      1        2        35043        0.37   1        0        35043       35043.00    0.00        35043.00   
  57       2022942      1        2        35016        0.37   1        0        35016       35016.00    0.00        35016.00   
  58       2022658      1        4        34751        0.37   1        0        34751       34751.00    0.00        34751.00   
  59       2020941      1        2        34411        0.37   1        0        34411       34411.00    0.00        34411.00   
  60       2816924      1        4        34355        0.37   1        0        34355       34355.00    0.00        34355.00   
  61       2022503      1        2        34344        0.37   1        0        34344       34344.00    0.00        34344.00   
  62       2830124      1        1        34011        0.36   1        0        34011       34011.00    0.00        34011.00   
  63       2022550      1        16       33614        0.36   1        0        33614       33614.00    0.00        33614.00   
  64       2020991      1        2        33410        0.36   1        0        33410       33410.00    0.00        33410.00   
  65       2016097      1        4        33124        0.35   1        0        33124       33124.00    0.00        33124.00   
  66       2820031      1        2        31046        0.33   1        0        31046       31046.00    0.00        31046.00   
  67       2022207      1        4        30699        0.33   1        0        30699       30699.00    0.00        30699.00   
  68       2018981      1        4        30682        0.33   1        0        30682       30682.00    0.00        30682.00   
  69       2018242      1        5        29619        0.32   1        0        29619       29619.00    0.00        29619.00   
  70       2010140      1        7        314302       3.35   87       0        29542       3612.67     0.00        3612.67    
  71       2810045      1        4        29420        0.31   1        0        29420       29420.00    0.00        29420.00   
  72       2821615      1        2        29419        0.31   1        0        29419       29419.00    0.00        29419.00   
  73       2816929      1        4        29243        0.31   1        0        29243       29243.00    0.00        29243.00   
  74       2816328      1        5        29216        0.31   1        0        29216       29216.00    0.00        29216.00   
  75       2816356      1        2        29201        0.31   1        0        29201       29201.00    0.00        29201.00   
  76       2805941      1        2        29192        0.31   1        0        29192       29192.00    0.00        29192.00   
  77       2812916      1        6        29111        0.31   1        0        29111       29111.00    0.00        29111.00   
  78       2018556      1        2        29108        0.31   1        0        29108       29108.00    0.00        29108.00   
  79       2022262      1        3        29023        0.31   1        0        29023       29023.00    0.00        29023.00   
  80       2016499      1        14       28933        0.31   1        0        28933       28933.00    0.00        28933.00   
  81       2021245      1        6        28851        0.31   1        0        28851       28851.00    0.00        28851.00   
  82       2829644      1        1        28715        0.31   1        0        28715       28715.00    0.00        28715.00   
  83       2025162      1        2        28632        0.30   1        0        28632       28632.00    0.00        28632.00   
  84       2020960      1        2        28599        0.30   1        0        28599       28599.00    0.00        28599.00   
  85       2018421      1        2        28566        0.30   1        0        28566       28566.00    0.00        28566.00   
  86       2018928      1        3        28550        0.30   1        0        28550       28550.00    0.00        28550.00   
  87       2019693      1        5        28489        0.30   1        0        28489       28489.00    0.00        28489.00   
  88       2816526      1        13       28464        0.30   1        0        28464       28464.00    0.00        28464.00   
  89       2819673      1        4        28317        0.30   1        0        28317       28317.00    0.00        28317.00   
  90       2809753      1        2        28286        0.30   1        0        28286       28286.00    0.00        28286.00   
  91       2809859      1        6        28251        0.30   1        0        28251       28251.00    0.00        28251.00   
  92       2022940      1        2        28209        0.30   1        0        28209       28209.00    0.00        28209.00   
  93       2016858      1        10       28205        0.30   1        0        28205       28205.00    0.00        28205.00   
  94       2018496      1        9        28199        0.30   1        0        28199       28199.00    0.00        28199.00   
  95       2815324      1        2        28146        0.30   1        0        28146       28146.00    0.00        28146.00   
  96       2018385      1        3        27715        0.30   1        0        27715       27715.00    0.00        27715.00   
  97       2816927      1        3        27620        0.29   1        0        27620       27620.00    0.00        27620.00   
  98       2011894      1        19       27568        0.29   1        0        27568       27568.00    0.00        27568.00   
  99       2816931      1        3        27448        0.29   1        0        27448       27448.00    0.00        27448.00   
  100      2018983      1        7        27035        0.29   1        0        27035       27035.00    0.00        27035.00   
  101      2816930      1        4        26999        0.29   1        0        26999       26999.00    0.00        26999.00   
  102      2816922      1        5        26895        0.29   1        0        26895       26895.00    0.00        26895.00   
  103      2816925      1        3        26733        0.28   1        0        26733       26733.00    0.00        26733.00   
  104      2816928      1        3        26194        0.28   1        0        26194       26194.00    0.00        26194.00   
  105      2018191      1        2        25133        0.27   1        0        25133       25133.00    0.00        25133.00   
  106      2827279      1        5        25098        0.27   1        0        25098       25098.00    0.00        25098.00   
  107      2822876      1        2        25070        0.27   1        0        25070       25070.00    0.00        25070.00   
  108      2009702      1        5        48690        0.52   3        0        24765       16230.00    0.00        16230.00   
  109      2018010      1        5        24295        0.26   1        0        24295       24295.00    0.00        24295.00   
  110      2826256      1        2        24262        0.26   1        0        24262       24262.00    0.00        24262.00   
  111      2815201      1        2        23972        0.26   1        0        23972       23972.00    0.00        23972.00   
  112      2018184      1        5        23237        0.25   1        0        23237       23237.00    0.00        23237.00   
  113      2020380      1        3        22950        0.24   1        0        22950       22950.00    0.00        22950.00   
  114      2017617      1        3        22727        0.24   1        0        22727       22727.00    0.00        22727.00   
  115      2024178      1        2        22670        0.24   1        0        22670       22670.00    0.00        22670.00   
  116      2014701      1        12       46539        0.50   3        0        22353       15513.00    0.00        15513.00   
  117      2012612      1        16       22186        0.24   1        0        22186       22186.00    0.00        22186.00   
  118      2806530      1        2        22183        0.24   1        0        22183       22183.00    0.00        22183.00   
  119      2828008      1        2        22139        0.24   1        0        22139       22139.00    0.00        22139.00   
  120      2804626      1        9        22064        0.24   1        0        22064       22064.00    0.00        22064.00   
  121      2829607      1        1        21957        0.23   1        0        21957       21957.00    0.00        21957.00   
  122      2021697      1        3        21913        0.23   1        0        21913       21913.00    0.00        21913.00   
  123      2811077      1        3        21825        0.23   1        0        21825       21825.00    0.00        21825.00   
  124      2016223      1        10       21676        0.23   1        0        21676       21676.00    0.00        21676.00   
  125      2022239      1        4        21

This file has been truncated.


keyword_perf.log - (11934 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/5/2019 -- 13:32:57
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             465620          131             131             18981           3554.00         3554.00         0.00           
  content          1576519         285             191             379560          5531.00         4112.00         8414.00        
  pcre             359508          43              14              30948           8360.00         6194.00         9406.00        
  byte_test        169704          53              45              17622           3201.00         3268.00         2825.00        
  byte_jump        39668           13              13              4117            3051.00         3051.00         0.00           
  isdataat         2846            1               0               2846            2846.00         0.00            2846.00        
  flowbits         13332           3               2               6902            4444.00         5036.00         3259.00        
  urilen           125280          40              14              3735            3132.00         3143.00         3126.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             465620          131             131             18981           3554.00         3554.00         0.00           
  flowbits         3259            1               0               3259            3259.00         0.00            3259.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          640784          77              55              379560          8321.00         3601.00         20122.00       
  pcre             26593           3               2               17598           8864.00         4497.00         17598.00       
  byte_test        169704          53              45              17622           3201.00         3268.00         2825.00        
  byte_jump        39668           13              13              4117            3051.00         3051.00         0.00           
  isdataat         2846            1               0               2846            2846.00         0.00            2846.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         10073           2               2               6902            5036.00         5036.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          256266          61              35              20401           4201.00         4477.00         3828.00        
  pcre             216041          26              3               30948           8309.00         6781.00         8508.00        
  urilen           125280          40              14              3735            3132.00         3143.00         3126.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7107            2               2               4460            3553.00         3553.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          390746          85              59              26427           4597.00         4511.00         4790.00        
  pcre             96826           10              6               29958           9682.00         6827.00         13965.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          76389           21              14              4546            3637.00         3691.00         3529.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3588            1               1               3588            3588.00         3588.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_accept_enc
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3072            1               1               3072            3072.00         3072.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3186            1               1               3186            3186.00         3186.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22029           6               4               4306            3671.00         3908.00         3197.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          169893          29              19              59235           5858.00         4225.00         8961.00        
  pcre             10449           2               2               5761            5224.00         5224.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3459            1               0               3459            3459.00         0.00            3459.00        
  pcre             9599            2               1               5970            4799.00         5970.00         3629.00        


suricata-report-2019-07-05-T-13-32-57-07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap.txt - (17493 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cd730f19ff15ac755f05e3ab1526849a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap -vvv -k none
elapsedtime:21.758971
stderr:
stdout:
5/7/2019 -- 13:32:35 - <Info> - Configuration node 'rule-files' redefined.
5/7/2019 -- 13:32:35 - <Notice> - This is Suricata version 4.0.0 RELEASE
5/7/2019 -- 13:32:35 - <Info> - CPUs/cores online: 1
5/7/2019 -- 13:32:35 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31393 and 'request-body-inspect-window' set to 16304 after randomization.
5/7/2019 -- 13:32:35 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32536 and 'response-body-inspect-window' set to 15621 after randomization.
5/7/2019 -- 13:32:35 - <Config> - DNS request flood protection level: 500
5/7/2019 -- 13:32:35 - <Config> - DNS per flow memcap (state-memcap): 524288
5/7/2019 -- 13:32:35 - <Config> - DNS global memcap: 16777216
5/7/2019 -- 13:32:35 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
5/7/2019 -- 13:32:35 - <Config> - preallocated 1000 hosts of size 136
5/7/2019 -- 13:32:35 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
5/7/2019 -- 13:32:35 - <Config> - using magic-file /usr/share/file/magic
5/7/2019 -- 13:32:35 - <Config> - Core dump size is unlimited.
5/7/2019 -- 13:32:35 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
5/7/2019 -- 13:32:35 - <Config> - preallocated 1000 defrag trackers of size 168
5/7/2019 -- 13:32:35 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
5/7/2019 -- 13:32:35 - <Config> - stream "prealloc-sessions": 2048 (per thread)
5/7/2019 -- 13:32:35 - <Config> - stream "memcap": 33554432
5/7/2019 -- 13:32:35 - <Config> - stream "midstream" session pickups: disabled
5/7/2019 -- 13:32:35 - <Config> - stream "async-oneside": disabled
5/7/2019 -- 13:32:35 - <Config> - stream "checksum-validation": disabled
5/7/2019 -- 13:32:35 - <Config> - stream."inline": disabled
5/7/2019 -- 13:32:35 - <Config> - stream "bypass": disabled
5/7/2019 -- 13:32:35 - <Config> - stream "max-synack-queued": 5
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly "memcap": 134217728
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly "depth": 0
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly "toserver-chunk-size": 2511
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly "toclient-chunk-size": 2511
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly.raw: enabled
5/7/2019 -- 13:32:35 - <Config> - stream.reassembly "segment-prealloc": 2048
5/7/2019 -- 13:32:35 - <Config> - Delayed detect disabled
5/7/2019 -- 13:32:35 - <Config> - pattern matchers: MPM: ac, SPM: bm
5/7/2019 -- 13:32:35 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
5/7/2019 -- 13:32:35 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
5/7/2019 -- 13:32:35 - <Config> - prefilter engines: MPM
5/7/2019 -- 13:32:35 - <Config> - IP reputation disabled
5/7/2019 -- 13:32:35 - <Perf> - Registered 148 keyword profiling counters.
5/7/2019 -- 13:32:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
5/7/2019 -- 13:32:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
5/7/2019 -- 13:32:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
5/7/2019 -- 13:32:40 - <Config> - No rules loaded from ET-icmp.rules.
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
5/7/2019 -- 13:32:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
5/7/2019 -- 13:32:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
5/7/2019 -- 13:32:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
5/7/2019 -- 13:32:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
5/7/2019 -- 13:32:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
5/7/2019 -- 13:32:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
5/7/2019 -- 13:32:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
5/7/2019 -- 13:32:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
5/7/2019 -- 13:32:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
5/7/2019 -- 13:32:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
5/7/2019 -- 13:32:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
5/7/2019 -- 13:32:48 - <Config> - No rules loaded from local.rules.
5/7/2019 -- 13:32:48 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
5/7/2019 -- 13:32:48 - <Info> - Threshold config parsed: 0 rule(s) found
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tcp-packet
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tcp-stream
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for udp-packet
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for other-ip
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_uri
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_client_body
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_header
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_header_names
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_accept
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_accept_enc
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_accept_lang
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_referer
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_connection
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_content_len
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_content_type
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_protocol
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_start
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_raw_header
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_method
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_cookie
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_raw_uri
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_user_agent
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_host
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_raw_host
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_stat_msg
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_stat_code
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for dns_query
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tls_sni
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tls_cert_issuer
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tls_cert_subject
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for tls_cert_serial
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for dce_stub_data
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for ssh_protocol
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for ssh_software
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for file_data
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_request_line
5/7/2019 -- 13:32:48 - <Perf> - using shared mpm ctx' for http_response_line
5/7/2019 -- 13:32:48 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
5/7/2019 -- 13:32:48 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
5/7/2019 -- 13:32:49 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
5/7/2019 -- 13:32:49 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
5/7/2019 -- 13:32:49 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
5/7/2019 -- 13:32:49 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
5/7/2019 -- 13:32:49 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
5/7/2019 -- 13:32:49 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
5/7/2019 -- 13:32:53 - <Perf> - Unique rule groups: 104
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toserver TCP packet": 35
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toclient TCP packet": 17
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toserver TCP stream": 33
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toclient TCP stream": 19
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toserver UDP packet": 27
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "toclient UDP packet": 17
5/7/2019 -- 13:32:53 - <Perf> - Builtin MPM "other IP packet": 3
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_uri": 14
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_request_line": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_client_body": 6
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_response_line": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_header": 10
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_header": 6
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_header_names": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_accept": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_referer": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_content_len": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_content_type": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_content_type": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_protocol": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_start": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_method": 5
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_cookie": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_cookie": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver http_host": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver dns_query": 4
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver tls_sni": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toserver file_data": 1
5/7/2019 -- 13:32:53 - <Perf> - AppLayer MPM "toclient file_data": 7
5/7/2019 -- 13:32:56 - <Perf> - Registered 39590 rule profiling counters.
5/7/2019 -- 13:32:56 - <Info> - fast output device (regular) initialized: alert
5/7/2019 -- 13:32:56 - <Info> - eve-log output device (regular) initialized: eve.json
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'alert'
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'http'
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'dns'
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'tls'
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'files'
5/7/2019 -- 13:32:56 - <Config> - enabling 'eve-log' module 'ssh'
5/7/2019 -- 13:32:56 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
5/7/2019 -- 13:32:56 - <Info> - stats output device (regular) initialized: stats.log
5/7/2019 -- 13:32:56 - <Config> - AutoFP mode using "Hash" flow load balancer
5/7/2019 -- 13:32:56 - <Info> - reading pcap file /var/pcap/07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap
5/7/2019 -- 13:32:56 - <Config> - using 1 flow manager threads
5/7/2019 -- 13:32:56 - <Config> - using 1 flow recycler threads
5/7/2019 -- 13:32:56 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-07-05 13:32:34,772 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-05 13:32:35,513 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-05 13:32:35,513 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-05 13:32:35,514 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-05 13:32:35,514 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-05 13:32:35,514 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cd730f19ff15ac755f05e3ab1526849a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07052019.1332-87000f48-9583-4c50-8bad-af9da319ed23.pcap -vvv -k none
2019-07-05 13:32:57,275 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-05 13:32:57,275 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.5109558105