Filename: dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 27.3495740891 seconds
Hash: ce231a9eb6cb33e9a21b99369b9dfdce
Uploaded: 1560373131

Logfiles


unified2.alert.1560373156 - (1742 bytes)
[binary unified2 record, not printable as text; the only recoverable content is the embedded server certificate's DN fields, C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=DS8414719.clientshostname.com, emailAddress=root@DS8414719.clientshostname.com, identical for subject and issuer, with UTCTime validity 190520071235Z to 200519071235Z, i.e. 2019-05-20 07:12:35Z to 2020-05-19 07:12:35Z]


packet_stats.log - (9099 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           914           103293      107473700      83231776         76.1b   99.84
 IPv4      17             6         10695772       36420592      19704099        118.2m    0.16
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           914            66685       12905510        142569        130.3m   78.95
TMM_FLOWWORKER              IPv4      17             6           384238        1335754        646844          3.9m    2.35
TMM_RECEIVEPCAPFILE         IPv4       6           907             2557       14311909         31001         28.1m   17.04
TMM_RECEIVEPCAPFILE         IPv4      17             6             2584          11860          4435         26.6k    0.02
TMM_DECODEPCAPFILE          IPv4       6           907             2641          37224          2953          2.7m    1.62
TMM_DECODEPCAPFILE          IPv4      17             6             2764          32341          7834         47.0k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           907             2842          26656          3393          3.1m  2.81  
flow                    IPv4      17             6             3115          48121         12979         77.9k  0.07  
stream                  IPv4       6           914             2899         798457          7638          7.0m  6.37  
app-layer               IPv4      17             6            11004          85846         28157        168.9k  0.15  
detect                  IPv4       6           914            45263       12870198        102748         93.9m  85.69 
detect                  IPv4      17             6           277805         731557        441176          2.6m  2.42  
tcp-prune               IPv4       6           914             2542          20743          2981          2.7m  2.49  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
tls                     IPv4       6             9             2612           5196          3129         28.2k  32.55 
dns                     IPv4      17             6             5466          24335          9726         58.4k  67.45 
Proto detect            IPv4      17             6             5001          50930         13956         83.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1           104691         104691        104691        104.7k  6.47  
LOGGER_UNIFIED2             IPv4       6             1           134111         134111        134111        134.1k  8.29  
LOGGER_JSON_ALERT           IPv4       6             1            90499          90499         90499         90.5k  5.60  
LOGGER_JSON_DNS             IPv4      17             6            41497         433660        145467        872.8k  53.98 
LOGGER_JSON_TLS             IPv4       6             5            46059         102179         82951        414.8k  25.65 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            61             2590         410651         50094         3.1m  50.97 
payload                           IPv4      17             6            22970          65249         41293       247.8k  4.13  
stream                            IPv4       6            61             2539         421437         41083         2.5m  41.80 
dns_query                         IPv4      17             3            14904          18218         16703        50.1k  0.84  
tls_sni                           IPv4       6             6             2789          12243          7755        46.5k  0.78  
tls_cert_issuer                   IPv4       6             5             4573           9887          7012        35.1k  0.58  
tls_cert_subject                  IPv4       6             5             3301           8197          5913        29.6k  0.49  
tls_cert_serial                   IPv4       6             5             3037           6775          4884        24.4k  0.41  
Total                             IPv4                   152                                         39442         6.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            10             3594        7648805        811271          8.1m  9.52  
PROF_DETECT_IPONLY          IPv4      17             6             4008         194325         70387        422.3k  0.50  
PROF_DETECT_RULES           IPv4       6           914             2518        1183275         11253         10.3m  12.07 
PROF_DETECT_RULES           IPv4      17             6           160539         295713        220917          1.3m  1.56  
PROF_DETECT_STATEFUL_CONT    IPv4       6           914             2504          70137          6492          5.9m  6.97  
PROF_DETECT_STATEFUL_CONT    IPv4      17             6             6145          54919         14554         87.3k  0.10  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           894             2543          31599          2770          2.5m  2.91  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             2636           3204          2792         16.8k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           914             7871       12812566         36126         33.0m  38.76 
PROF_DETECT_PREFILTER       IPv4      17             6            60248          88776         78721        472.3k  0.55  
PROF_DETECT_PF_PAYLOAD      IPv4       6            61            14798         476460        100373          6.1m  7.19  
PROF_DETECT_PF_PAYLOAD      IPv4      17             6            28322          70609         46646        279.9k  0.33  
PROF_DETECT_PF_TX           IPv4       6           894             2634          77532          3327          3.0m  3.49  
PROF_DETECT_PF_TX           IPv4      17             3            20397          24184         22899         68.7k  0.08  
PROF_DETECT_PF_SORT1        IPv4       6            49             2544           5412          3241        158.8k  0.19  
PROF_DETECT_PF_SORT1        IPv4      17             6             3798           5082          4250         25.5k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6           914             2511          26337          2815          2.6m  3.02  
PROF_DETECT_PF_SORT2        IPv4      17             6             2881           4312          3458         20.8k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           914             2527          31379          2992          2.7m  3.21  
PROF_DETECT_NONMPMLIST      IPv4      17             6             2774           3632          3088         18.5k  0.02  
PROF_DETECT_ALERT           IPv4       6           914             2514          31603          2833          2.6m  3.04  
PROF_DETECT_ALERT           IPv4      17             6             2533          15990          4961         29.8k  0.03  
PROF_DETECT_CLEANUP         IPv4       6           914             2553          31992          2842          2.6m  3.05  
PROF_DETECT_CLEANUP         IPv4      17             6             2977           5631          3862         23.2k  0.03  
PROF_DETECT_GETSGH          IPv4       6           914             2507          41621          3032          2.8m  3.25  
PROF_DETECT_GETSGH          IPv4      17             6             5363           7316          6270         37.6k  0.04  


stats.log - (2533 bytes)
------------------------------------------------------------------------------------
Date: 6/12/2019 -- 20:59:18 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 913
decoder.bytes                              | Total                     | 888817
decoder.ipv4                               | Total                     | 913
decoder.ethernet                           | Total                     | 913
decoder.tcp                                | Total                     | 907
decoder.udp                                | Total                     | 6
decoder.avg_pkt_size                       | Total                     | 973
decoder.max_pkt_size                       | Total                     | 2852
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 3
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 5
tcp.rst                                    | Total                     | 2
detect.alert                               | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
app_layer.flow.tls                         | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076608


eve.json - (6761 bytes)
{"timestamp":"2019-06-03T20:51:41.878709+0000","flow_id":2178985225971829,"pcap_cnt":1,"event_type":"dns","src_ip":"192.168.2.5","src_port":60811,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22604,"rrname":"config.edge.skype.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-03T20:51:41.885371+0000","flow_id":618198405579387,"pcap_cnt":2,"event_type":"dns","src_ip":"192.168.2.5","src_port":57659,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26407,"rrname":"client-office365-tas.msedge.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-03T20:51:41.892325+0000","flow_id":2178985225971829,"pcap_cnt":3,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":60811,"proto":"UDP","dns":{"type":"answer","id":22604,"rcode":"NOERROR","rrname":"config.edge.skype.com","rrtype":"CNAME","ttl":840,"rdata":"s-0001.s-msedge.net"}}
{"timestamp":"2019-06-03T20:51:41.892325+0000","flow_id":2178985225971829,"pcap_cnt":3,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":60811,"proto":"UDP","dns":{"type":"answer","id":22604,"rcode":"NOERROR","rrname":"s-0001.s-msedge.net","rrtype":"A","ttl":13,"rdata":"13.107.3.128"}}
{"timestamp":"2019-06-03T20:51:41.899046+0000","flow_id":618198405579387,"pcap_cnt":4,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":57659,"proto":"UDP","dns":{"type":"answer","id":26407,"rcode":"NOERROR","rrname":"client-office365-tas.msedge.net","rrtype":"CNAME","ttl":31,"rdata":"afdo-tas-offload.trafficmanager.net"}}
{"timestamp":"2019-06-03T20:51:41.899046+0000","flow_id":618198405579387,"pcap_cnt":4,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":57659,"proto":"UDP","dns":{"type":"answer","id":26407,"rcode":"NOERROR","rrname":"afdo-tas-offload.trafficmanager.net","rrtype":"CNAME","ttl":281,"rdata":"e-0009.e-msedge.net"}}
{"timestamp":"2019-06-03T20:51:41.899046+0000","flow_id":618198405579387,"pcap_cnt":4,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":57659,"proto":"UDP","dns":{"type":"answer","id":26407,"rcode":"NOERROR","rrname":"e-0009.e-msedge.net","rrtype":"A","ttl":221,"rdata":"13.107.5.88"}}
{"timestamp":"2019-06-03T20:51:41.988509+0000","flow_id":1090082167396211,"pcap_cnt":22,"event_type":"tls","src_ip":"192.168.2.5","src_port":49712,"dest_ip":"13.107.3.128","dest_port":443,"proto":"TCP","tls":{"subject":"CN=edge.skype.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2019-06-03T20:51:41.988924+0000","flow_id":2193910237306724,"pcap_cnt":30,"event_type":"tls","src_ip":"192.168.2.5","src_port":49713,"dest_ip":"13.107.5.88","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.msedge.net","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4"}}
{"timestamp":"2019-06-03T20:51:47.131234+0000","flow_id":311357352378530,"pcap_cnt":66,"event_type":"dns","src_ip":"192.168.2.5","src_port":54527,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30579,"rrname":"mobile.pipe.aria.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-03T20:51:47.394051+0000","flow_id":311357352378530,"pcap_cnt":67,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":54527,"proto":"UDP","dns":{"type":"answer","id":30579,"rcode":"NOERROR","rrname":"mobile.pipe.aria.microsoft.com","rrtype":"CNAME","ttl":127,"rdata":"prd.col.aria.mobile.skypedata.akadns.net"}}
{"timestamp":"2019-06-03T20:51:47.394051+0000","flow_id":311357352378530,"pcap_cnt":67,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":54527,"proto":"UDP","dns":{"type":"answer","id":30579,"rcode":"NOERROR","rrname":"prd.col.aria.mobile.skypedata.akadns.net","rrtype":"CNAME","ttl":29,"rdata":"pipe.skype.com"}}
{"timestamp":"2019-06-03T20:51:47.394051+0000","flow_id":311357352378530,"pcap_cnt":67,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":54527,"proto":"UDP","dns":{"type":"answer","id":30579,"rcode":"NOERROR","rrname":"pipe.skype.com","rrtype":"CNAME","ttl":3493,"rdata":"pipe.prd.skypedata.akadns.net"}}
{"timestamp":"2019-06-03T20:51:47.394051+0000","flow_id":311357352378530,"pcap_cnt":67,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":54527,"proto":"UDP","dns":{"type":"answer","id":30579,"rcode":"NOERROR","rrname":"pipe.prd.skypedata.akadns.net","rrtype":"CNAME","ttl":29,"rdata":"pipe.cloudapp.aria.akadns.net"}}
{"timestamp":"2019-06-03T20:51:47.394051+0000","flow_id":311357352378530,"pcap_cnt":67,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":54527,"proto":"UDP","dns":{"type":"answer","id":30579,"rcode":"NOERROR","rrname":"pipe.cloudapp.aria.akadns.net","rrtype":"A","ttl":29,"rdata":"52.114.6.46"}}
{"timestamp":"2019-06-03T20:51:47.869030+0000","flow_id":1480765277943802,"pcap_cnt":82,"event_type":"tls","src_ip":"192.168.2.5","src_port":49715,"dest_ip":"52.114.6.46","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.events.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2"}}
{"timestamp":"2019-06-03T20:51:47.869295+0000","flow_id":978636356400691,"pcap_cnt":85,"event_type":"tls","src_ip":"192.168.2.5","src_port":49714,"dest_ip":"52.114.6.46","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.events.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2"}}
{"timestamp":"2019-06-03T20:53:29.765039+0000","flow_id":1783380090410039,"pcap_cnt":111,"event_type":"tls","src_ip":"192.168.2.5","src_port":49716,"dest_ip":"185.159.82.237","dest_port":443,"proto":"TCP","tls":{"subject":"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=DS8414719.clientshostname.com\/emailAddress=root@DS8414719.clientshostname.com","issuerdn":"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=DS8414719.clientshostname.com\/emailAddress=root@DS8414719.clientshostname.com"}}
{"timestamp":"2019-06-03T20:53:29.825237+0000","flow_id":1783380090410039,"pcap_cnt":113,"event_type":"alert","src_ip":"185.159.82.237","src_port":443,"dest_ip":"192.168.2.5","dest_port":49716,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2013659,"rev":4,"signature":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"tls"}
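The eve.json stream above is what an analyst would actually triage, so here is an added example (my own script, not part of the report or of Suricata) that does the three joins a practitioner wants from it: it groups the per-RR DNS answer events by (flow_id, dns.id) and walks the CNAME chain backwards so that each TLS destination IP maps to the name the client originally queried; it flags certificates whose subject equals issuerdn and whose subject carries the stock "OU=SomeOrganizationalUnit" template the ET rule keys on; and it joins alert events to TLS events by flow_id. The sample events are constructed, trimmed copies of six lines from this report (JSON "\/" escapes written as plain "/"). Suricata 4.0's eve tls record carries only subject and issuerdn, so no SNI or fingerprint fields are assumed. Run over the full eve.json, the script reports that 185.159.82.237 has no DNS answer anywhere in the capture, unlike the Microsoft endpoints, which is the detail worth chasing before deciding whether a self-signed certificate on a clientshostname.com-style CN is benign.

```python
import json
import sys
from collections import defaultdict

# Constructed sample: trimmed copies of eve.json lines from the report above.
SAMPLE_EVE = r'''
{"timestamp":"2019-06-03T20:51:41.878709+0000","flow_id":2178985225971829,"event_type":"dns","src_ip":"192.168.2.5","src_port":60811,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22604,"rrname":"config.edge.skype.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-06-03T20:51:41.892325+0000","flow_id":2178985225971829,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":60811,"proto":"UDP","dns":{"type":"answer","id":22604,"rcode":"NOERROR","rrname":"config.edge.skype.com","rrtype":"CNAME","ttl":840,"rdata":"s-0001.s-msedge.net"}}
{"timestamp":"2019-06-03T20:51:41.892325+0000","flow_id":2178985225971829,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.2.5","dest_port":60811,"proto":"UDP","dns":{"type":"answer","id":22604,"rcode":"NOERROR","rrname":"s-0001.s-msedge.net","rrtype":"A","ttl":13,"rdata":"13.107.3.128"}}
{"timestamp":"2019-06-03T20:51:41.988509+0000","flow_id":1090082167396211,"event_type":"tls","src_ip":"192.168.2.5","src_port":49712,"dest_ip":"13.107.3.128","dest_port":443,"proto":"TCP","tls":{"subject":"CN=edge.skype.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5"}}
{"timestamp":"2019-06-03T20:53:29.765039+0000","flow_id":1783380090410039,"event_type":"tls","src_ip":"192.168.2.5","src_port":49716,"dest_ip":"185.159.82.237","dest_port":443,"proto":"TCP","tls":{"subject":"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=DS8414719.clientshostname.com/emailAddress=root@DS8414719.clientshostname.com","issuerdn":"C=--, ST=SomeState, L=SomeCity, O=SomeOrganization, OU=SomeOrganizationalUnit, CN=DS8414719.clientshostname.com/emailAddress=root@DS8414719.clientshostname.com"}}
{"timestamp":"2019-06-03T20:53:29.825237+0000","flow_id":1783380090410039,"event_type":"alert","src_ip":"185.159.82.237","src_port":443,"dest_ip":"192.168.2.5","dest_port":49716,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2013659,"rev":4,"signature":"ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"tls"}
'''

# Stock OU from the default OpenSSL-style certificate template; the ET rule
# 2013659 alerts on this string, so we surface it as a separate flag.
DEFAULT_TEMPLATE_OU = "OU=SomeOrganizationalUnit"


def parse_eve(text):
    """Yield one dict per non-empty line of a newline-delimited eve.json stream."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def build_dns_map(events):
    """Map each answered A-record IP to the name the client originally queried.

    Suricata 4.0 emits one 'answer' event per resource record, all sharing the
    same flow_id and dns.id, so we group on that pair and follow CNAME links
    backwards (rdata -> rrname) from the A record to the queried name.
    """
    by_tx = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "dns" and ev["dns"].get("type") == "answer":
            by_tx[(ev["flow_id"], ev["dns"]["id"])].append(ev["dns"])

    ip_to_name = {}
    for answers in by_tx.values():
        # reverse CNAME map: target name -> alias that points at it
        reverse = {a["rdata"]: a["rrname"] for a in answers if a["rrtype"] == "CNAME"}
        for a in answers:
            if a["rrtype"] != "A":
                continue
            name, seen = a["rrname"], set()
            while name in reverse and name not in seen:  # guard against CNAME loops
                seen.add(name)
                name = reverse[name]
            ip_to_name[a["rdata"]] = name
    return ip_to_name


def cn_of(dn):
    """Extract the CN from a Suricata-formatted DN string (first CN component, up to any '/')."""
    for part in dn.split(", "):
        if part.startswith("CN="):
            return part[3:].split("/")[0]
    return None


def is_self_signed(tls):
    """Heuristic: subject equals issuer. Root CA certificates satisfy this too,
    so treat it as a triage signal, not proof of a home-made certificate."""
    return bool(tls.get("subject")) and tls.get("subject") == tls.get("issuerdn")


def triage_tls(text):
    """Return one finding per TLS event, enriched with DNS name, cert flags and alert SIDs."""
    events = list(parse_eve(text))
    ip_to_name = build_dns_map(events)
    alerts_by_flow = defaultdict(list)
    for ev in events:
        if ev.get("event_type") == "alert":
            alerts_by_flow[ev["flow_id"]].append(ev["alert"]["signature_id"])

    findings = []
    for ev in events:
        if ev.get("event_type") != "tls":
            continue
        tls = ev["tls"]
        findings.append({
            "dest_ip": ev["dest_ip"],
            "queried_name": ip_to_name.get(ev["dest_ip"]),  # None: no DNS answer in capture
            "subject_cn": cn_of(tls.get("subject", "")),
            "self_signed": is_self_signed(tls),
            "default_template": DEFAULT_TEMPLATE_OU in tls.get("subject", ""),
            "alert_sids": alerts_by_flow.get(ev["flow_id"], []),
        })
    return findings


if __name__ == "__main__":
    # Usage: python triage.py [eve.json]; with no argument the constructed sample is used.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EVE
    for f in triage_tls(data):
        print(json.dumps(f))
```

Findings with queried_name None and self_signed True are the ones to pivot on: a host reached by IP literal (or resolved outside the capture window) that presents a default-template certificate is a stronger signal than either fact alone.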


suricata-4.0.0-etpro-all-alert-2019-06-12-T-20-59-18-06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap.txt - (231 bytes)
06/03/2019-20:53:29.825237  [**] [1:2013659:4] ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 185.159.82.237:443 -> 192.168.2.5:49716


suricata-report-2019-06-12-T-20-59-18-06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap.txt - (17717 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ce231a9eb6cb33e9a21b99369b9dfdce56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap -vvv -k none
elapsedtime:26.181425
stderr:
stdout:
12/6/2019 -- 20:58:52 - <Info> - Configuration node 'rule-files' redefined.
12/6/2019 -- 20:58:52 - <Notice> - This is Suricata version 4.0.0 RELEASE
12/6/2019 -- 20:58:52 - <Info> - CPUs/cores online: 1
12/6/2019 -- 20:58:52 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32701 and 'request-body-inspect-window' set to 16136 after randomization.
12/6/2019 -- 20:58:52 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31474 and 'response-body-inspect-window' set to 16043 after randomization.
12/6/2019 -- 20:58:52 - <Config> - DNS request flood protection level: 500
12/6/2019 -- 20:58:52 - <Config> - DNS per flow memcap (state-memcap): 524288
12/6/2019 -- 20:58:52 - <Config> - DNS global memcap: 16777216
12/6/2019 -- 20:58:52 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
12/6/2019 -- 20:58:52 - <Config> - preallocated 1000 hosts of size 136
12/6/2019 -- 20:58:52 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
12/6/2019 -- 20:58:52 - <Config> - using magic-file /usr/share/file/magic
12/6/2019 -- 20:58:52 - <Config> - Core dump size is unlimited.
12/6/2019 -- 20:58:52 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
12/6/2019 -- 20:58:52 - <Config> - preallocated 1000 defrag trackers of size 168
12/6/2019 -- 20:58:52 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
12/6/2019 -- 20:58:52 - <Config> - stream "prealloc-sessions": 2048 (per thread)
12/6/2019 -- 20:58:52 - <Config> - stream "memcap": 33554432
12/6/2019 -- 20:58:52 - <Config> - stream "midstream" session pickups: disabled
12/6/2019 -- 20:58:52 - <Config> - stream "async-oneside": disabled
12/6/2019 -- 20:58:52 - <Config> - stream "checksum-validation": disabled
12/6/2019 -- 20:58:52 - <Config> - stream."inline": disabled
12/6/2019 -- 20:58:52 - <Config> - stream "bypass": disabled
12/6/2019 -- 20:58:52 - <Config> - stream "max-synack-queued": 5
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly "memcap": 134217728
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly "depth": 0
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly "toserver-chunk-size": 2674
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly "toclient-chunk-size": 2516
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly.raw: enabled
12/6/2019 -- 20:58:52 - <Config> - stream.reassembly "segment-prealloc": 2048
12/6/2019 -- 20:58:52 - <Config> - Delayed detect disabled
12/6/2019 -- 20:58:52 - <Config> - pattern matchers: MPM: ac, SPM: bm
12/6/2019 -- 20:58:52 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
12/6/2019 -- 20:58:52 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
12/6/2019 -- 20:58:52 - <Config> - prefilter engines: MPM
12/6/2019 -- 20:58:52 - <Config> - IP reputation disabled
12/6/2019 -- 20:58:52 - <Perf> - Registered 148 keyword profiling counters.
12/6/2019 -- 20:58:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
12/6/2019 -- 20:58:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
12/6/2019 -- 20:58:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
12/6/2019 -- 20:58:57 - <Config> - No rules loaded from ET-icmp.rules.
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
12/6/2019 -- 20:58:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
12/6/2019 -- 20:58:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
12/6/2019 -- 20:58:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
12/6/2019 -- 20:58:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
12/6/2019 -- 20:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
12/6/2019 -- 20:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
12/6/2019 -- 20:59:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
12/6/2019 -- 20:59:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
12/6/2019 -- 20:59:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
12/6/2019 -- 20:59:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
12/6/2019 -- 20:59:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
12/6/2019 -- 20:59:06 - <Config> - No rules loaded from local.rules.
12/6/2019 -- 20:59:06 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
12/6/2019 -- 20:59:06 - <Info> - Threshold config parsed: 0 rule(s) found
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tcp-packet
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tcp-stream
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for udp-packet
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for other-ip
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_uri
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_request_line
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_client_body
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_response_line
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_header
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_header
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_header_names
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_header_names
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_accept
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_accept_enc
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_accept_lang
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_referer
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_connection
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_content_len
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_content_len
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_content_type
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_content_type
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_protocol
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_protocol
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_start
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_start
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_raw_header
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_raw_header
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_method
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_cookie
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_cookie
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_raw_uri
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_user_agent
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_host
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_raw_host
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_stat_msg
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_stat_code
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for dns_query
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tls_sni
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tls_cert_issuer
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tls_cert_subject
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for tls_cert_serial
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for dce_stub_data
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for dce_stub_data
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for ssh_protocol
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for ssh_protocol
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for ssh_software
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for ssh_software
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for file_data
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for file_data
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_request_line
12/6/2019 -- 20:59:07 - <Perf> - using shared mpm ctx' for http_response_line
12/6/2019 -- 20:59:07 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
12/6/2019 -- 20:59:07 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
12/6/2019 -- 20:59:07 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
12/6/2019 -- 20:59:07 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
12/6/2019 -- 20:59:07 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
12/6/2019 -- 20:59:07 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
12/6/2019 -- 20:59:07 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
12/6/2019 -- 20:59:07 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
12/6/2019 -- 20:59:13 - <Perf> - Unique rule groups: 104
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toserver TCP packet": 35
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toclient TCP packet": 17
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toserver TCP stream": 33
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toclient TCP stream": 19
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toserver UDP packet": 27
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "toclient UDP packet": 17
12/6/2019 -- 20:59:13 - <Perf> - Builtin MPM "other IP packet": 3
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_uri": 14
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_request_line": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_client_body": 6
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_response_line": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_header": 10
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_header": 6
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_header_names": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_accept": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_referer": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_content_len": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_content_type": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_content_type": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_protocol": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_start": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_method": 5
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_cookie": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_cookie": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver http_host": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver dns_query": 4
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver tls_sni": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toserver file_data": 1
12/6/2019 -- 20:59:13 - <Perf> - AppLayer MPM "toclient file_data": 7
12/6/2019 -- 20:59:16 - <Perf> - Registered 39590 rule profiling counters.
12/6/2019 -- 20:59:16 - <Info> - fast output device (regular) initialized: alert
12/6/2019 -- 20:59:16 - <Info> - eve-log output device (regular) initialized: eve.json
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'alert'
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'http'
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'dns'
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'tls'
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'files'
12/6/2019 -- 20:59:16 - <Config> - enabling 'eve-log' module 'ssh'
12/6/2019 -- 20:59:16 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
12/6/2019 -- 20:59:16 - <Info> - stats output device (regular) initialized: stats.log
12/6/2019 -- 20:59:16 - <Config> - AutoFP mode using "Hash" flow load balancer
12/6/2019 -- 20:59:16 - <Info> - reading pcap file /var/pcap/06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap
12/6/2019 -- 20:59:16 - <Co

This file has been truncated.


keyword_perf.log - (3645 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 6/12/2019 -- 20:59:18
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             54965           1               1               54965           54965.00        54965.00        0.00           
  content          1777050         533             126             31220           3334.00         4240.00         3053.00        
  pcre             186038          30              0               49357           6201.00         0.00            6201.00        
  byte_test        112492          30              12              22860           3749.00         5054.00         2880.00        
  byte_jump        50413           12              0               12153           4201.00         0.00            4201.00        
  isdataat         8287            3               0               2872            2762.00         0.00            2762.00        
  byte_extract     45667           12              12              13757           3805.00         3805.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             54965           1               1               54965           54965.00        54965.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1777050         533             126             31220           3334.00         4240.00         3053.00        
  pcre             186038          30              0               49357           6201.00         0.00            6201.00        
  byte_test        112492          30              12              22860           3749.00         5054.00         2880.00        
  byte_jump        50413           12              0               12153           4201.00         0.00            4201.00        
  isdataat         8287            3               0               2872            2762.00         0.00            2762.00        
  byte_extract     45667           12              12              13757           3805.00         3805.00         0.00           


IDSDeathBlossom.py.log - (1181 bytes) - download
2019-06-12 20:58:51,289 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-06-12 20:58:52,152 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-06-12 20:58:52,152 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-06-12 20:58:52,152 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-06-12 20:58:52,152 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-06-12 20:58:52,153 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ce231a9eb6cb33e9a21b99369b9dfdce56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap -vvv -k none
2019-06-12 20:59:18,337 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-06-12 20:59:18,338 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.0575139523


suricata-4.0.0-etpro-all-perf.txt-2019-06-12-T-20-59-18-06122019.2058-dumpslim-7d14b88c82f11063414e88d1b6a9c0f1.pcap.txt - (15318 bytes) - download
  --------------------------------------------------------------------------
  Date: 6/12/2019 -- 20:59:18. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021749      1        6        1073611      15.29  6        0        277392      178935.17   0.00        178935.17  
  2        2814979      1        2        755724       10.76  6        0        195774      125954.00   0.00        125954.00  
  3        2822213      1        2        767465       10.93  6        0        173459      127910.83   0.00        127910.83  
  4        2814978      1        2        735210       10.47  6        0        172598      122535.00   0.00        122535.00  
  5        2021736      1        3        142726       2.03   1        0        142726      142726.00   0.00        142726.00  
  6        2814961      1        5        138191       1.97   1        0        138191      138191.00   0.00        138191.00  
  7        2021743      1        4        135035       1.92   1        0        135035      135035.00   0.00        135035.00  
  8        2021735      1        4        125596       1.79   1        0        125596      125596.00   0.00        125596.00  
  9        2018005      1        6        402196       5.73   6        0        103967      67032.67    0.00        67032.67   
  10       2017816      1        4        90976        1.30   1        0        90976       90976.00    0.00        90976.00   
  11       2013659      1        4        89570        1.28   1        1        89570       89570.00    89570.00    0.00       
  12       2014701      1        12       118042       1.68   6        0        64924       19673.67    0.00        19673.67   
  13       2001330      1        8        157929       2.25   33       0        61608       4785.73     0.00        4785.73    
  14       2018457      1        1        221295       3.15   6        0        49360       36882.50    0.00        36882.50   
  15       2023611      1        3        41645        0.59   1        0        41645       41645.00    0.00        41645.00   
  16       2020798      1        2        37558        0.53   1        0        37558       37558.00    0.00        37558.00   
  17       2017915      1        2        37409        0.53   1        0        37409       37409.00    0.00        37409.00   
  18       2020795      1        2        32296        0.46   1        0        32296       32296.00    0.00        32296.00   
  19       2020606      1        4        29401        0.42   1        0        29401       29401.00    0.00        29401.00   
  20       2020613      1        3        27341        0.39   1        0        27341       27341.00    0.00        27341.00   
  21       2020768      1        2        23906        0.34   1        0        23906       23906.00    0.00        23906.00   
  22       2021065      1        2        21657        0.31   1        0        21657       21657.00    0.00        21657.00   
  23       2020775      1        2        21279        0.30   1        0        21279       21279.00    0.00        21279.00   
  24       2020786      1        4        41303        0.59   2        0        20974       20651.50    0.00        20651.50   
  25       2020792      1        2        20760        0.30   1        0        20760       20760.00    0.00        20760.00   
  26       2020779      1        3        20705        0.29   1        0        20705       20705.00    0.00        20705.00   
  27       2815451      1        2        81479        1.16   6        0        18736       13579.83    0.00        13579.83   
  28       2826281      1        2        48369        0.69   3        0        17311       16123.00    0.00        16123.00   
  29       2803760      1        3        47215        0.67   3        0        16360       15738.33    0.00        15738.33   
  30       2022543      1        1        45460        0.65   3        0        16310       15153.33    0.00        15153.33   
  31       2014703      1        9        52041        0.74   6        0        15479       8673.50     0.00        8673.50    
  32       2811577      1        2        36468        0.52   4        0        14899       9117.00     0.00        9117.00    
  33       2014702      1        9        50790        0.72   6        0        14897       8465.00     0.00        8465.00    
  34       2019230      1        2        37280        0.53   4        0        14863       9320.00     0.00        9320.00    
  35       2811544      1        1        35631        0.51   4        0        14708       8907.75     0.00        8907.75    
  36       2811542      1        1        45752        0.65   4        0        14658       11438.00    0.00        11438.00   
  37       2827278      1        1        13527        0.19   1        0        13527       13527.00    0.00        13527.00   
  38       2009702      1        5        25706        0.37   6        0        10175       4284.33     0.00        4284.33    
  39       2018789      1        3        25013        0.36   6        0        5636        4168.83     0.00        4168.83    
  40       2806561      1        5        19368        0.28   5        0        4630        3873.60     0.00        3873.60    
  41       2100327      1        10       8206         0.12   2        0        4594        4103.00     0.00        4103.00    
  42       2828876      1        1        97280        1.39   32       0        4539        3040.00     0.00        3040.00    
  43       2017548      1        6        4384         0.06   1        0        4384        4384.00     0.00        4384.00    
  44       2009387      1        4        31030        0.44   9        0        4339        3447.78     0.00        3447.78    
  45       2809258      1        4        32850        0.47   10       0        4315        3285.00     0.00        3285.00    
  46       2816566      1        1        4286         0.06   1        0        4286        4286.00     0.00        4286.00    
  47       2015986      1        5        35457        0.50   11       0        4283        3223.36     0.00        3223.36    
  48       2018281      1        4        10848        0.15   3        0        4282        3616.00     0.00        3616.00    
  49       2018558      1        5        20132        0.29   6        0        4167        3355.33     0.00        3355.33    
  50       2025200      1        1        20012        0.28   6        0        4129        3335.33     0.00        3335.33    
  51       2102190      1        5        54002        0.77   18       0        4051        3000.11     0.00        3000.11    
  52       2021152      1        1        12589        0.18   4        0        4004        3147.25     0.00        3147.25    
  53       2017935      1        3        52887        0.75   18       0        3950        2938.17     0.00        2938.17    
  54       2008116      1        4        3934         0.06   1        0        3934        3934.00     0.00        3934.00    
  55       2022024      1        1        3918         0.06   1        0        3918        3918.00     0.00        3918.00    
  56       2823788      1        4        10456        0.15   3        0        3892        3485.33     0.00        3485.33    
  57       2023510      1        2        6847         0.10   2        0        3820        3423.50     0.00        3423.50    
  58       2019809      1        2        21381        0.30   6        0        3783        3563.50     0.00        3563.50    
  59       2102523      1        8        15637        0.22   5        0        3774        3127.40     0.00        3127.40    
  60       2022547      1        1        78505        1.12   26       0        3737        3019.42     0.00        3019.42    
  61       2010143      1        3        10012        0.14   3        0        3684        3337.33     0.00        3337.33    
  62       2809487      1        2        41229        0.59   14       0        3682        2944.93     0.00        2944.93    
  63       2019017      1        3        3661         0.05   1        0        3661        3661.00     0.00        3661.00    
  64       2824993      1        1        6917         0.10   2        0        3640        3458.50     0.00        3458.50    
  65       2023627      1        3        18137        0.26   6        0        3594        3022.83     0.00        3022.83    
  66       2103158      1        6        30151        0.43   10       0        3581        3015.10     0.00        3015.10    
  67       2102523      1        8        16303        0.23   5        0        3577        3260.60     0.00        3260.60    
  68       2824545      1        2        3566         0.05   1        0        3566        3566.00     0.00        3566.00    
  69       2024777      1        2        29433        0.42   10       0        3518        2943.30     0.00        2943.30    
  70       2808577      1        5        97381        1.39   34       0        3507        2864.15     0.00        2864.15    
  71       2103238      1        4        15333        0.22   5        0        3496        3066.60     0.00        3066.60    
  72       2021248      1        7        3466         0.05   1        0        3466        3466.00     0.00        3466.00    
  73       2809132      1        1        15813        0.23   5        0        3440        3162.60     0.00        3162.60    
  74       2021978      1        6        9127         0.13   3        0        3417        3042.33     0.00        3042.33    
  75       2021976      1        2        9320         0.13   3        0        3406        3106.67     0.00        3106.67    
  76       2009243      1        2        9460         0.13   3        0        3389        3153.33     0.00        3153.33    
  77       2810649      1        1        6172         0.09   2        0        3378        3086.00     0.00        3086.00    
  78       2823966      1        1        30539        0.43   10       0        3360        3053.90     0.00        3053.90    
  79       2008306      1        3        17636        0.25   6        0        3357        2939.33     0.00        2939.33    
  80       2008120      1        4        16991        0.24   6        0        3297        2831.83     0.00        2831.83    
  81       2807546      1        6        9509         0.14   3        0        3271        3169.67     0.00        3169.67    
  82       2804911      1        3        8536         0.12   3        0        3244        2845.33     0.00        2845.33    
  83       2802163      1        2        6095         0.09   2        0        3238        3047.50     0.00        3047.50    
  84       2103159      1        4        15384        0.22   5        0        3237        3076.80     0.00        3076.80    
  85       2801914      1        2        3193         0.05   1        0        3193        3193.00     0.00        3193.00    
  86       2021151      1        1        8351         0.12   3        0        3161        2783.67     0.00        2783.67    
  87       2010140      1        7        9067         0.13   3        0        3161        3022.33     0.00        3022.33    
  88       2100518      1        8        3124         0.04   1        0        3124        3124.00     0.00        3124.00    
  89       2019010      1        3        3076         0.04   1        0        3076        3076.00     0.00        3076.00    
  90       2802205      1        3        3063         0.04   1        0        3063        3063.00     0.00        3063.00    
  91       2802822      1        1        5665         0.08   2        0        3062        2832.50     0.00        2832.50    
  92       2019011      1        3        3051         0.04   1        0        3051        3051.00     0.00        3051.00    
  93       2802823      1        1        8625         0.12   3        0        3031        2875.00     0.00        2875.00    
  94       2008117      1        3        5611         0.08   2        0        3030        2805.50     0.00        2805.50    
  95       2008118      1        3        8584         0.12   3        0        3017        2861.33     0.00        2861.33    
  96       2008119      1        3        8513         0.12   3        0        3011        2837.67     0.00        2837.67    
  97       2019016      1        3        2964         0.04   1        0        2964        2964.00     0.00        2964.00    
  98       2010142      1        4        8610         0.12   3        0        2930        2870.00     0.00        2870.00    
  99       2023615      1        3        7948         0.11   3        0        2868        2649.33     0.00        2649.33    
  100      2023618      1        3        5721         0.08   2        0        2868        2860.50     0.00        2860.50    
  101      2023624      1        3        16120        0.23   6        0        2868        2686.67     0.00        2686.67    
  102      2023625      1        3        13094        0.19   5        0        2857        2618.80     0.00        2618.80    
  103      2023612      1        4        5389         0.08   2        0        2849        2694.50     0.00        2694.50    
  104      2023626      1        3        15842        0.23   6        0        2840        2640.33     0.00        2640.33    
  105      2023623      1        3        5368         0.08   2        0        2839        2684.00     0.00        2684.00    
  106      2021266      1        2        2836         0.04   1        0        2836        2836.00     0.00        2836.00    
  107      2023622      1        3        10583        0.15   4        0        2822        2645.75     0.00        2645.75    
  108      2013075      1        8        8132         0.12   3        0        2820        2710.67     0.00        2710.67    
  109      2023617      1        3        5318         0.08   2        0        2763        2659.00     0.00        2659.00    
  110      2802880      1        3        2662         0.04   1        0        2662        2662.00     0.00        2662.00    
  111      2803027      1        6        2579         0.04   1        0        2579        2579.00     0.00        2579.00    
  112      2023616      1        3        2542         0.04   1        0        2542        2542.00     0.00        2542.00    
  113      2023613      1        3        2534         0.04   1        0        2534        2534.00     0.00        2534.00    
  114      2021267      1        2        2532         0.04   1        0        2532        2532.00     0.00        2532.00    
  115      2826348      1        1        2531         0.04   1        0        2531        2531.00     0.00        2531.00    
  116      2023621      1        4        2527         0.04   1        0        2527        2527.00     0.00        2527.00
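The two profiling tables above (keyword_perf.log and the rule profile sorted by max ticks) are the raw material for rule tuning: which signatures burn detection-engine cycles without ever firing. As an added example, not part of the IDSDeathBlossom output or of Suricata itself, the following Python parses both table layouts generically (column names are recovered from the header by slicing it at the separator's dash groups, so multi-word headers such as "Max Ticks" survive) and then ranks never-matching rules by cost. The sample tables are rows copied from the output above, with the long dash rules shortened; the thresholds passed to `dead_weight` are illustrative assumptions, and a sid that never matches on one pcap may still be essential in production, so treat the result as a review list, not an auto-disable list.

```python
"""Parse Suricata rule_perf.log / keyword_perf.log tables and flag costly rules.
Added example for this page (not IDSDeathBlossom or Suricata code): sample rows
are copied from the profiling output above; tuning thresholds are assumptions."""
import re

SEP_GROUPS = re.compile(r"\s*-+(?:\s+-+)+\s*$")  # dash groups under a header line
SEP_FULL = re.compile(r"\s*-+\s*$")              # a single dash run ends a table
NUM = re.compile(r"-?\d+(?:\.\d+)?$")


def _value(tok):
    return (float(tok) if "." in tok else int(tok)) if NUM.match(tok) else tok


def parse_profile_tables(text):
    """Return [(section, rows)] for every table in the text. Both logs share the
    layout: optional 'Stats for: X' label, header, separator of dash groups, rows.
    Column names are the header sliced by the separator's dash spans (keeps
    'Max Ticks' as one column); rows are split on whitespace and must give one
    token per column, which skips Date/Stats lines without special cases."""
    lines = text.splitlines()
    tables, section, names = [], None, None
    for i, line in enumerate(lines):
        s = line.strip()
        if s.startswith("Stats for:"):
            section = s.split(":", 1)[1].strip()
        elif SEP_GROUPS.match(line):
            header = lines[i - 1] if i else ""
            spans = [(m.start(), m.end()) for m in re.finditer(r"-+", line)]
            names = [header[a:b].strip() for a, b in spans]
            tables.append((section, []))
        elif SEP_FULL.match(line) or not s:
            names = None
        elif names is not None:
            toks = s.split()
            if len(toks) == len(names):
                tables[-1][1].append(dict(zip(names, map(_value, toks))))
    return tables


def dead_weight(rule_rows, min_checks=1, min_avg_no_match=0.0):
    """Sids checked >= min_checks times that never matched and cost at least
    min_avg_no_match ticks per check: first candidates for tuning. Sorted by
    total ticks, descending."""
    hits = [r for r in rule_rows if r["Matches"] == 0 and r["Checks"] >= min_checks
            and r["Avg No Match"] >= min_avg_no_match]
    return [r["Rule"] for r in sorted(hits, key=lambda r: r["Ticks"], reverse=True)]


def implied_total_ticks(rule_rows):
    """The % column is ticks over all profiled rules (including rows cut by the
    output limit), so the total is recoverable from the row with the largest
    share, where the two-decimal rounding matters least."""
    top = max(rule_rows, key=lambda r: r["%"], default=None)
    return top["Ticks"] * 100.0 / top["%"] if top and top["%"] else None


def listed_share(rule_rows):
    """Fraction of all rule ticks accounted for by the rows in hand."""
    total = implied_total_ticks(rule_rows)
    return sum(r["Ticks"] for r in rule_rows) / total if total else 0.0


def keyword_share(keyword_rows):
    """Fraction of ticks per keyword within one keyword_perf table."""
    total = sum(r["Ticks"] for r in keyword_rows)
    return {r["Keyword"]: r["Ticks"] / total for r in keyword_rows} if total else {}


# Header, separator and five rows copied from the rule-profiling table above.
RULE_PERF = """\
  ------------------------------------------
  Date: 6/12/2019 -- 20:59:18. Sorted by: max ticks.
  ------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2021749      1        6        1073611      15.29  6        0        277392      178935.17   0.00        178935.17  
  2        2814979      1        2        755724       10.76  6        0        195774      125954.00   0.00        125954.00  
  11       2013659      1        4        89570        1.28   1        1        89570       89570.00    89570.00    0.00       
  13       2001330      1        8        157929       2.25   33       0        61608       4785.73     0.00        4785.73    
  42       2828876      1        1        97280        1.39   32       0        4539        3040.00     0.00        3040.00    
"""

# One section of keyword_perf.log above (dash rules shortened, rows trimmed).
KEYWORD_PERF = """\
  ------------------------------------------
  Stats for: packet/stream payload
  ------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1777050         533             126             31220           3334.00         4240.00         3053.00        
  pcre             186038          30              0               49357           6201.00         0.00            6201.00        
  byte_test        112492          30              12              22860           3749.00         5054.00         2880.00        
"""

if __name__ == "__main__":
    rules = parse_profile_tables(RULE_PERF)[0][1]
    print("never matched, >=6 checks, >=100k avg ticks:", dead_weight(rules, 6, 100000.0))
    print("listed rows cover %.1f%% of all rule ticks" % (100 * listed_share(rules)))
    for section, rows in parse_profile_tables(KEYWORD_PERF):
        print(section, {k: round(v, 3) for k, v in keyword_share(rows).items()})
```

Run against the full table above, the same logic shows that only one of the 116 listed rules (sid 2013659) matched at all, while the four rules at the top (2021749, 2814979, 2822213, 2814978) together account for about 47% of all rule ticks with zero matches; those are the sids to look at first when this ruleset is tuned for this traffic. The profiling files themselves are only produced when Suricata is built with profiling support (the --enable-profiling configure option) and the rules/keywords/packets entries under the profiling section of suricata.yaml are enabled.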