Filename: f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.3521518707 seconds
Hash: d432c828912f0f4bd6afd7271342933c
Uploaded: 1551710363

Logfiles


suricata-report-2019-03-04-T-14-39-45-03042019.1439-f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap.txt - (17550 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/d432c828912f0f4bd6afd7271342933c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03042019.1439-f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap -vvv -k none
elapsedtime:20.366717
stderr:
stdout:
4/3/2019 -- 14:39:24 - <Info> - Configuration node 'rule-files' redefined.
4/3/2019 -- 14:39:24 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/3/2019 -- 14:39:24 - <Info> - CPUs/cores online: 1
4/3/2019 -- 14:39:24 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32272 and 'request-body-inspect-window' set to 16285 after randomization.
4/3/2019 -- 14:39:24 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33256 and 'response-body-inspect-window' set to 16784 after randomization.
4/3/2019 -- 14:39:24 - <Config> - DNS request flood protection level: 500
4/3/2019 -- 14:39:24 - <Config> - DNS per flow memcap (state-memcap): 524288
4/3/2019 -- 14:39:24 - <Config> - DNS global memcap: 16777216
4/3/2019 -- 14:39:24 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/3/2019 -- 14:39:24 - <Config> - preallocated 1000 hosts of size 136
4/3/2019 -- 14:39:24 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/3/2019 -- 14:39:24 - <Config> - using magic-file /usr/share/file/magic
4/3/2019 -- 14:39:24 - <Config> - Core dump size is unlimited.
4/3/2019 -- 14:39:24 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/3/2019 -- 14:39:24 - <Config> - preallocated 1000 defrag trackers of size 168
4/3/2019 -- 14:39:24 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/3/2019 -- 14:39:24 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/3/2019 -- 14:39:24 - <Config> - stream "memcap": 33554432
4/3/2019 -- 14:39:24 - <Config> - stream "midstream" session pickups: disabled
4/3/2019 -- 14:39:24 - <Config> - stream "async-oneside": disabled
4/3/2019 -- 14:39:24 - <Config> - stream "checksum-validation": disabled
4/3/2019 -- 14:39:24 - <Config> - stream."inline": disabled
4/3/2019 -- 14:39:24 - <Config> - stream "bypass": disabled
4/3/2019 -- 14:39:24 - <Config> - stream "max-synack-queued": 5
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly "memcap": 134217728
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly "depth": 0
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly "toserver-chunk-size": 2436
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly "toclient-chunk-size": 2687
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly.raw: enabled
4/3/2019 -- 14:39:24 - <Config> - stream.reassembly "segment-prealloc": 2048
4/3/2019 -- 14:39:24 - <Config> - Delayed detect disabled
4/3/2019 -- 14:39:24 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/3/2019 -- 14:39:24 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/3/2019 -- 14:39:24 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/3/2019 -- 14:39:24 - <Config> - prefilter engines: MPM
4/3/2019 -- 14:39:24 - <Config> - IP reputation disabled
4/3/2019 -- 14:39:24 - <Perf> - Registered 148 keyword profiling counters.
4/3/2019 -- 14:39:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
4/3/2019 -- 14:39:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
4/3/2019 -- 14:39:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
4/3/2019 -- 14:39:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
4/3/2019 -- 14:39:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
4/3/2019 -- 14:39:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
4/3/2019 -- 14:39:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
4/3/2019 -- 14:39:30 - <Config> - No rules loaded from ET-icmp.rules.
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
4/3/2019 -- 14:39:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
4/3/2019 -- 14:39:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
4/3/2019 -- 14:39:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
4/3/2019 -- 14:39:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
4/3/2019 -- 14:39:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
4/3/2019 -- 14:39:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
4/3/2019 -- 14:39:37 - <Config> - No rules loaded from local.rules.
4/3/2019 -- 14:39:37 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
4/3/2019 -- 14:39:37 - <Info> - Threshold config parsed: 0 rule(s) found
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tcp-packet
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tcp-stream
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for udp-packet
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for other-ip
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_uri
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_request_line
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_client_body
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_response_line
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_header
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_header
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_header_names
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_header_names
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_accept
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_accept_enc
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_accept_lang
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_referer
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_connection
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_content_len
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_content_len
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_content_type
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_content_type
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_protocol
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_protocol
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_start
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_start
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_raw_header
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_raw_header
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_method
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_cookie
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_cookie
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_raw_uri
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_user_agent
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_host
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_raw_host
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_stat_msg
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_stat_code
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for dns_query
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tls_sni
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for dce_stub_data
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for dce_stub_data
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for ssh_protocol
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for ssh_protocol
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for ssh_software
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for ssh_software
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for file_data
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for file_data
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_request_line
4/3/2019 -- 14:39:37 - <Perf> - using shared mpm ctx' for http_response_line
4/3/2019 -- 14:39:37 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
4/3/2019 -- 14:39:37 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/3/2019 -- 14:39:38 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/3/2019 -- 14:39:38 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/3/2019 -- 14:39:38 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/3/2019 -- 14:39:38 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
4/3/2019 -- 14:39:38 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/3/2019 -- 14:39:38 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/3/2019 -- 14:39:42 - <Perf> - Unique rule groups: 104
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "toclient UDP packet": 17
4/3/2019 -- 14:39:42 - <Perf> - Builtin MPM "other IP packet": 3
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_header": 10
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_header": 6
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_start": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_method": 5
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver http_host": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toserver file_data": 1
4/3/2019 -- 14:39:42 - <Perf> - AppLayer MPM "toclient file_data": 7
4/3/2019 -- 14:39:44 - <Perf> - Registered 39590 rule profiling counters.
4/3/2019 -- 14:39:44 - <Info> - fast output device (regular) initialized: alert
4/3/2019 -- 14:39:44 - <Info> - eve-log output device (regular) initialized: eve.json
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'alert'
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'http'
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'dns'
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'tls'
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'files'
4/3/2019 -- 14:39:44 - <Config> - enabling 'eve-log' module 'ssh'
4/3/2019 -- 14:39:44 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/3/2019 -- 14:39:44 - <Info> - stats output device (regular) initialized: stats.log
4/3/2019 -- 14:39:44 - <Config> - AutoFP mode using "Hash" flow load balancer
4/3/2019 -- 14:39:44 - <Info> - reading pcap file /var/pcap/03042019.1439-f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap
4/3/2019 -- 14:39:44 - <Config> - using 1 flow manager threads
4/3/2019 -- 14:39:44 - <Config> - using 1 flow recycler threads
4/3/2019 -- 14:39:44 - <Notice> - all 2 packet pro

This file has been truncated.


packet_stats.log - (13358 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2            10          5854192       20226713      10755520        107.6m    0.55
 IPv4       6           161          3692519      138250160      95989734         15.5b   78.83
 IPv4      17           102          6276892      145511076      39625012          4.0b   20.62
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2            10            88956        9799156       1064904         10.6m    7.34
TMM_FLOWWORKER              IPv4       6           161            68598       19815874        575289         92.6m   63.85
TMM_FLOWWORKER              IPv4      17           102           118923        8357341        392292         40.0m   27.59
TMM_RECEIVEPCAPFILE         IPv4       2            10             2613           2851          2757         27.6k    0.02
TMM_RECEIVEPCAPFILE         IPv4       6           160             2542          58141          3978        636.5k    0.44
TMM_RECEIVEPCAPFILE         IPv4      17           102             2546           3714          2830        288.7k    0.20
TMM_DECODEPCAPFILE          IPv4       2            10             2657          11178          3666         36.7k    0.03
TMM_DECODEPCAPFILE          IPv4       6           160             2658          11038          2943        470.9k    0.32
TMM_DECODEPCAPFILE          IPv4      17           102             2670          18231          3029        309.0k    0.21

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           160             2846          15741          3308        529.4k  0.39  
flow                    IPv4      17           102             2666          26419          3741        381.7k  0.28  
stream                  IPv4       6           161             2747         329033         17364          2.8m  2.09  
app-layer               IPv4      17           102             2527          57008          6815        695.1k  0.52  
detect                  IPv4       2            10            83316        9787129       1058674         10.6m  7.90  
detect                  IPv4       6           161            45692       19654985        530065         85.3m  63.66 
detect                  IPv4      17           102           102427        8333776        325393         33.2m  24.76 
tcp-prune               IPv4       6           161             2560          17054          3280        528.1k  0.39  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4             3223          37685         18378         73.5k  33.61 
dns                     IPv4      17            26             3605          21285          5583        145.2k  66.39 
Proto detect            IPv4      17            32             3056          26914          6493        207.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            24            27859         441578         57520          1.4m  60.33 
LOGGER_JSON_HTTP            IPv4       6             5            69752         148705        108023        540.1k  23.60 
LOGGER_JSON_FILE            IPv4       6             5            61151          97408         73554        367.8k  16.07 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            31             2623        1529670        206377         6.4m  34.30 
payload                           IPv4      17           102             3122         776636         16447         1.7m  8.99  
stream                            IPv4       6            31             2553        1173644        191861         5.9m  31.89 
http_uri                          IPv4       6             5            10481          29805         19926        99.6k  0.53  
http_request_line                 IPv4       6             5             5089           7693          6378        31.9k  0.17  
http_client_body                  IPv4       6            15             2726         925962        185935         2.8m  14.95 
http_header (request)             IPv4       6             5            72154         150637        110188       550.9k  2.95  
http_header (request trailer)     IPv4       6             5             2669           3914          2934        14.7k  0.08  
http_header_names (request)       IPv4       6             5            13490          25406         18315        91.6k  0.49  
http_accept (request)             IPv4       6             5             3240           6501          5117        25.6k  0.14  
http_referer (request)            IPv4       6             5             3054           3656          3257        16.3k  0.09  
http_content_len (request)        IPv4       6             5             3319           4942          4001        20.0k  0.11  
http_content_type (request)       IPv4       6             5             2982          10531          6174        30.9k  0.17  
http_protocol (request)           IPv4       6             5             3407           5100          4485        22.4k  0.12  
http_start (request)              IPv4       6             5            10250          18563         14206        71.0k  0.38  
http_raw_header (request)         IPv4       6            15             6375          19031          9563       143.5k  0.77  
http_method                       IPv4       6             5             5700           7161          6534        32.7k  0.18  
http_cookie (request)             IPv4       6             5             3028           4073          3459        17.3k  0.09  
http_raw_uri                      IPv4       6             5             3682           8211          6435        32.2k  0.17  
http_user_agent                   IPv4       6             5            18642          49906         37407       187.0k  1.00  
http_host                         IPv4       6             5             5408          10740          7910        39.6k  0.21  
dns_query                         IPv4      17            12             3264          14739          7365        88.4k  0.47  
http_response_line                IPv4       6             5             5450           9309          7048        35.2k  0.19  
http_header (response)            IPv4       6             5            20812          38514         29759       148.8k  0.80  
http_header (response trailer)    IPv4       6             5             2606           2840          2692        13.5k  0.07  
http_content_type (response)      IPv4       6             5             6945          10359          8288        41.4k  0.22  
http_raw_header (response)        IPv4       6             5             8143           9638          8791        44.0k  0.24  
http_cookie (response)            IPv4       6             5             3060           3401          3260        16.3k  0.09  
http_stat_code                    IPv4       6             5             3962           6198          5324        26.6k  0.14  
Total                             IPv4                   321                                         58110        18.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2            10            36742          72976         40728        407.3k  0.25  
PROF_DETECT_IPONLY          IPv4       6             8            10661         110281         39797        318.4k  0.20  
PROF_DETECT_IPONLY          IPv4      17            32            36994          71165         43670          1.4m  0.87  
PROF_DETECT_RULES           IPv4       2            10             2540           3275          2619         26.2k  0.02  
PROF_DETECT_RULES           IPv4       6           161             2549       16039117        350069         56.4m  35.14 
PROF_DETECT_RULES           IPv4      17           102            44422        8271765        198821         20.3m  12.64 
PROF_DETECT_STATEFUL_START    IPv4       6            25             5253        2486806        609855         15.2m  9.51  
PROF_DETECT_STATEFUL_CONT    IPv4       2            10             2519           2724          2573         25.7k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6           161             2549         187040         11415          1.8m  1.15  
PROF_DETECT_STATEFUL_CONT    IPv4      17           102             2519         384867          7834        799.1k  0.50  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           143             2564          19717          2961        423.5k  0.26  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            24             2616           3807          2784         66.8k  0.04  
PROF_DETECT_PREFILTER       IPv4       2            10             7773          11158          8260         82.6k  0.05  
PROF_DETECT_PREFILTER       IPv4       6           161             7983        3397759        125647         20.2m  12.61 
PROF_DETECT_PREFILTER       IPv4      17           102            23684         897969         66046          6.7m  4.20  
PROF_DETECT_PF_PAYLOAD      IPv4       6            31            31016        2414524        406232         12.6m  7.85  
PROF_DETECT_PF_PAYLOAD      IPv4      17           102             8193         782313         22619          2.3m  1.44  
PROF_DETECT_PF_TX           IPv4       6           143             2689         944647         37716          5.4m  3.36  
PROF_DETECT_PF_TX           IPv4      17            12             8497          21730         13045        156.5k  0.10  
PROF_DETECT_PF_SORT1        IPv4       6            31             2770          19443          7438        230.6k  0.14  
PROF_DETECT_PF_SORT1        IPv4      17           102             2615         865120         15608          1.6m  0.99  
PROF_DETECT_PF_SORT2        IPv4       2            10             2525           2805          2589         25.9k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           161             2531           6767          2882        464.1k  0.29  
PROF_DETECT_PF_SORT2        IPv4      17           102             2557          16518          2974        303.4k  0.19  
PROF_DETECT_NONMPMLIST      IPv4       2            10             2535           2805          2713         27.1k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           161             2565          16991          2912        468.9k  0.29  
PROF_DETECT_NONMPMLIST      IPv4      17           102             2534           3728          2789        284.6k  0.18  
PROF_DETECT_ALERT           IPv4       2            10             2529        9697742        972072          9.7m  6.06  
PROF_DETECT_ALERT           IPv4       6           161             2532          20478          2869        461.9k  0.29  
PROF_DETECT_ALERT           IPv4      17           102             2533          15030          2896        295.5k  0.18  
PROF_DETECT_CLEANUP         IPv4       2            10             2525           3496          2640         26.4k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           161             2566          11038          2833        456.2k  0.28  
PROF_DETECT_CLEANUP         IPv4      17           102             2527          63775          3428        349.7k  0.22  
PROF_DETECT_GETSGH          IPv4       2            10             2628           3503          2830         28.3k  0.02  
PROF_DETECT_GETSGH          IPv4       6           161             2530          13313          3041        489.6k  0.31  
PROF_DETECT_GETSGH          IPv4      17           102             2536          52085          4788        488.4k  0.30  


stats.log - (2763 bytes)
------------------------------------------------------------------------------------
Date: 3/4/2019 -- 14:39:45 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 293
decoder.bytes                              | Total                     | 160240
decoder.ipv4                               | Total                     | 272
decoder.ethernet                           | Total                     | 293
decoder.tcp                                | Total                     | 160
decoder.udp                                | Total                     | 102
decoder.avg_pkt_size                       | Total                     | 546
decoder.max_pkt_size                       | Total                     | 52806
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 20
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 12
app_layer.tx.dns_udp                       | Total                     | 12
app_layer.flow.failed_udp                  | Total                     | 8
flow.spare                                 | Total                     | 9995
flow_mgr.flows_checked                     | Total                     | 2
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65534
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880


eve.json - (14452 bytes) - download
{"timestamp":"2019-01-31T09:39:22.351733+0000","flow_id":1860776365809141,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.56.103","src_port":60252,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":14744,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:39:22.540940+0000","flow_id":1860776365809141,"pcap_cnt":95,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":60252,"proto":"UDP","dns":{"type":"answer","id":14744,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:39:26.814428+0000","flow_id":177853560679772,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.56.103","src_port":54921,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16106,"rrname":"aiyac-updaite.hol.es","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-31T09:39:26.959308+0000","flow_id":177853560679772,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":54921,"proto":"UDP","dns":{"type":"answer","id":16106,"rcode":"NOERROR","rrname":"aiyac-updaite.hol.es","rrtype":"A","ttl":0,"rdata":"185.224.138.29"}}
{"timestamp":"2019-01-31T09:39:27.312532+0000","flow_id":1451139565266767,"pcap_cnt":120,"event_type":"http","src_ip":"192.168.56.103","src_port":49168,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=ha","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-01-31T09:39:27.593893+0000","flow_id":1134175273816037,"pcap_cnt":121,"event_type":"dns","src_ip":"192.168.56.103","src_port":63091,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49923,"rrname":"29.138.224.185.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:39:27.801710+0000","flow_id":1134175273816037,"pcap_cnt":122,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":63091,"proto":"UDP","dns":{"type":"answer","id":49923,"rcode":"NOERROR","rrname":"29.138.224.185.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:39:32.115185+0000","flow_id":1451139565266767,"pcap_cnt":123,"event_type":"fileinfo","src_ip":"185.224.138.29","src_port":80,"dest_ip":"192.168.56.103","dest_port":49168,"proto":"TCP","http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=ha","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":220},"app_proto":"http","fileinfo":{"filename":"\/bbs\/data\/tmp\/alpha.php","gaps":false,"state":"CLOSED","stored":false,"size":220,"tx_id":0}}
{"timestamp":"2019-01-31T09:39:37.091461+0000","flow_id":1759629886973253,"pcap_cnt":125,"event_type":"dns","src_ip":"192.168.56.103","src_port":54544,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42177,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:39:37.140586+0000","flow_id":2089547799799082,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.103","src_port":52055,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":47949,"rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:39:37.279284+0000","flow_id":1759629886973253,"pcap_cnt":127,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":54544,"proto":"UDP","dns":{"type":"answer","id":42177,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:39:37.341703+0000","flow_id":2089547799799082,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":52055,"proto":"UDP","dns":{"type":"answer","id":47949,"rcode":"NOERROR","rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:39:50.270829+0000","flow_id":2006569032491501,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.56.103","src_port":53606,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27168,"rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:39:50.471667+0000","flow_id":2006569032491501,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":53606,"proto":"UDP","dns":{"type":"answer","id":27168,"rcode":"NOERROR","rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:02.291790+0000","flow_id":1344285076255694,"pcap_cnt":131,"event_type":"dns","src_ip":"192.168.56.103","src_port":54814,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42917,"rrname":"8.1.3.6.4.0.a.6.a.f.d.3.6.4.c.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:02.323860+0000","flow_id":478823396339988,"pcap_cnt":132,"event_type":"dns","src_ip":"192.168.56.103","src_port":49609,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37758,"rrname":"105.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:02.494772+0000","flow_id":1344285076255694,"pcap_cnt":133,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":54814,"proto":"UDP","dns":{"type":"answer","id":42917,"rcode":"NOERROR","rrname":"8.1.3.6.4.0.a.6.a.f.d.3.6.4.c.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:02.511533+0000","flow_id":478823396339988,"pcap_cnt":134,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":49609,"proto":"UDP","dns":{"type":"answer","id":37758,"rcode":"NOERROR","rrname":"105.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:10.411488+0000","flow_id":1404938604965966,"pcap_cnt":145,"event_type":"http","src_ip":"192.168.56.103","src_port":49189,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=hb","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-01-31T09:40:10.411488+0000","flow_id":1404938604965966,"pcap_cnt":145,"event_type":"fileinfo","src_ip":"185.224.138.29","src_port":80,"dest_ip":"192.168.56.103","dest_port":49189,"proto":"TCP","http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=hb","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":220},"app_proto":"http","fileinfo":{"filename":"\/bbs\/data\/tmp\/alpha.php","gaps":false,"state":"CLOSED","stored":false,"size":220,"tx_id":0}}
{"timestamp":"2019-01-31T09:40:11.145689+0000","flow_id":1251427883826034,"pcap_cnt":270,"event_type":"http","src_ip":"192.168.56.103","src_port":49190,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"aiyac-updaite.hol.es","url":"\/Est\/board.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-01-31T09:40:11.145689+0000","flow_id":1251427883826034,"pcap_cnt":270,"event_type":"fileinfo","src_ip":"192.168.56.103","src_port":49190,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","http":{"hostname":"aiyac-updaite.hol.es","url":"\/Est\/board.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":0},"app_proto":"http","fileinfo":{"filename":"\/Est\/up\/E40C8652FA23_AllList_20190131_151458041","gaps":false,"state":"CLOSED","stored":false,"size":135602,"tx_id":0}}
{"timestamp":"2019-01-31T09:40:11.437242+0000","flow_id":1251427883826034,"pcap_cnt":273,"event_type":"http","src_ip":"192.168.56.103","src_port":49190,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=hc","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-01-31T09:40:14.689495+0000","flow_id":1251427883826034,"pcap_cnt":276,"event_type":"fileinfo","src_ip":"185.224.138.29","src_port":80,"dest_ip":"192.168.56.103","dest_port":49190,"proto":"TCP","http":{"hostname":"aiyac-updaite.hol.es","url":"\/bbs\/data\/tmp\/alpha.php?pts=hc","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":220},"app_proto":"http","fileinfo":{"filename":"\/bbs\/data\/tmp\/alpha.php","gaps":false,"state":"CLOSED","stored":false,"size":220,"tx_id":1}}
{"timestamp":"2019-01-31T09:40:14.934149+0000","flow_id":1450340704483517,"pcap_cnt":285,"event_type":"http","src_ip":"192.168.56.103","src_port":49193,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"aiyac-updaite.hol.es","url":"\/Est\/board.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-01-31T09:40:14.934149+0000","flow_id":1450340704483517,"pcap_cnt":285,"event_type":"fileinfo","src_ip":"192.168.56.103","src_port":49193,"dest_ip":"185.224.138.29","dest_port":80,"proto":"TCP","http":{"hostname":"aiyac-updaite.hol.es","url":"\/Est\/board.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/Est\/up\/up_20190131_151503467","gaps":false,"state":"CLOSED","stored":false,"size":0,"tx_id":0}}
{"timestamp":"2019-01-31T09:40:15.129366+0000","flow_id":812868773607766,"pcap_cnt":286,"event_type":"dns","src_ip":"192.168.56.103","src_port":60920,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":7460,"rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:15.327040+0000","flow_id":812868773607766,"pcap_cnt":287,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":60920,"proto":"UDP","dns":{"type":"answer","id":7460,"rcode":"NOERROR","rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:19.157936+0000","flow_id":1550404852869360,"pcap_cnt":288,"event_type":"dns","src_ip":"192.168.56.103","src_port":62020,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57138,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:19.348215+0000","flow_id":1550404852869360,"pcap_cnt":289,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":62020,"proto":"UDP","dns":{"type":"answer","id":57138,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:26.376123+0000","flow_id":1640972828720443,"pcap_cnt":290,"event_type":"dns","src_ip":"192.168.56.103","src_port":55503,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28475,"rrname":"107.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:26.563218+0000","flow_id":1640972828720443,"pcap_cnt":291,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":55503,"proto":"UDP","dns":{"type":"answer","id":28475,"rcode":"NOERROR","rrname":"107.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-01-31T09:40:27.345119+0000","flow_id":172639474369567,"pcap_cnt":292,"event_type":"dns","src_ip":"192.168.56.103","src_port":59426,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":46572,"rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-01-31T09:40:27.543551+0000","flow_id":172639474369567,"pcap_cnt":293,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.103","dest_port":59426,"proto":"UDP","dns":{"type":"answer","id":46572,"rcode":"NOERROR","rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}


keyword_perf.log - (12339 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/4/2019 -- 14:39:45
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            6356            2               2               3194            3178.00         3178.00         0.00           
  flow             2510336         734             734             33732           3420.00         3420.00         0.00           
  content          20583448        1532            956             407012          13435.00        17348.00        6940.00        
  pcre             1101016         192             47              25503           5734.00         5118.00         5933.00        
  byte_test        363042          124             49              6649            2927.00         2947.00         2914.00        
  byte_jump        520516          178             4               16445           2924.00         2975.00         2923.00        
  isdataat         2865            1               0               2865            2865.00         0.00            2865.00        
  flowbits         87933           25              7               5643            3517.00         4157.00         3268.00        
  urilen           613869          199             65              15870           3084.00         3067.00         3093.00        
  byte_extract     7344            2               2               3708            3672.00         3672.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            6356            2               2               3194            3178.00         3178.00         0.00           
  flow             2510336         734             734             33732           3420.00         3420.00         0.00           
  flowbits         58829           18              0               5043            3268.00         0.00            3268.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13544742        429             274             407012          31572.00        46827.00        4606.00        
  pcre             112247          10              0               25503           11224.00        0.00            11224.00       
  byte_test        363042          124             49              6649            2927.00         2947.00         2914.00        
  byte_jump        520516          178             4               16445           2924.00         2975.00         2923.00        
  isdataat         2865            1               0               2865            2865.00         0.00            2865.00        
  byte_extract     7344            2               2               3708            3672.00         3672.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         29104           7               7               5643            4157.00         4157.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          985089          239             163             69535           4121.00         3677.00         5074.00        
  pcre             693739          128             22              22346           5419.00         5330.00         5438.00        
  urilen           613869          199             65              15870           3084.00         3067.00         3093.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2965019         96              13              294639          30885.00        81300.00        22989.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          61760           2               0               36173           30880.00        0.00            30880.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20454           6               0               3909            3409.00         0.00            3409.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2092342         506             351             43548           4135.00         4292.00         3777.00        
  pcre             252256          44              15              15564           5733.00         5369.00         5921.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          95416           26              13              5163            3669.00         3892.00         3447.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          34735           10              10              4605            3473.00         3473.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          232143          66              36              15720           3517.00         3517.00         3517.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          518480          142             90              16598           3651.00         3990.00         3064.00        
  pcre             42774           10              10              4852            4277.00         4277.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33268           10              6               3914            3326.00         3420.00         3186.00        


IDSDeathBlossom.py.log - (1204 bytes) - download
2019-03-04 14:39:24,160 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-04 14:39:24,897 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-04 14:39:24,897 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-04 14:39:24,898 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-04 14:39:24,898 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-04 14:39:24,898 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/d432c828912f0f4bd6afd7271342933c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03042019.1439-f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap -vvv -k none
2019-03-04 14:39:45,267 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-04 14:39:45,267 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 21.1156671047


suricata-4.0.0-etpro-all-perf.txt-2019-03-04-T-14-39-45-03042019.1439-f483d5051f39d1b08613479ccbc81423a15bfe5c5fb5a7792d4307a8af4e4586.pcap.txt - (52949 bytes) - download
  --------------------------------------------------------------------------
  Date: 3/4/2019 -- 14:39:45. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2013739      1        15       8389366      12.57  78       0        8186085     107555.97   0.00        107555.97  
  2        2018784      1        9        1413735      2.12   3        0        596356      471245.00   0.00        471245.00  
  3        2020786      1        4        758646       1.14   3        0        441598      252882.00   0.00        252882.00  
  4        2020770      1        2        440582       0.66   1        0        440582      440582.00   0.00        440582.00  
  5        2020696      1        1        584772       0.88   3        0        438143      194924.00   0.00        194924.00  
  6        2018069      1        1        548462       0.82   2        0        428623      274231.00   0.00        274231.00  
  7        2018638      1        2        545538       0.82   3        0        425061      181846.00   0.00        181846.00  
  8        2021065      1        2        570035       0.85   3        0        424649      190011.67   0.00        190011.67  
  9        2020608      1        4        453515       0.68   2        0        423052      226757.50   0.00        226757.50  
  10       2020796      1        2        419731       0.63   1        0        419731      419731.00   0.00        419731.00  
  11       2020773      1        2        603192       0.90   3        0        417532      201064.00   0.00        201064.00  
  12       2018054      1        1        835352       1.25   5        0        414388      167070.40   0.00        167070.40  
  13       2020609      1        4        411108       0.62   1        0        411108      411108.00   0.00        411108.00  
  14       2022773      1        2        707115       1.06   4        0        406937      176778.75   0.00        176778.75  
  15       2020779      1        3        405489       0.61   1        0        405489      405489.00   0.00        405489.00  
  16       2020763      1        2        584756       0.88   3        0        404635      194918.67   0.00        194918.67  
  17       2018880      1        2        892769       1.34   5        0        404383      178553.80   0.00        178553.80  
  18       2020780      1        2        650553       0.97   3        0        404238      216851.00   0.00        216851.00  
  19       2020772      1        2        996737       1.49   6        0        400314      166122.83   0.00        166122.83  
  20       2020613      1        3        461388       0.69   2        0        400254      230694.00   0.00        230694.00  
  21       2020778      1        2        725984       1.09   3        0        399777      241994.67   0.00        241994.67  
  22       2018166      1        3        487726       0.73   2        0        398936      243863.00   0.00        243863.00  
  23       2020768      1        2        594549       0.89   2        0        397246      297274.50   0.00        297274.50  
  24       2020606      1        4        473421       0.71   2        0        397095      236710.50   0.00        236710.50  
  25       2019602      1        1        396642       0.59   1        0        396642      396642.00   0.00        396642.00  
  26       2020788      1        2        589581       0.88   3        0        396354      196527.00   0.00        196527.00  
  27       2018637      1        2        516685       0.77   2        0        396266      258342.50   0.00        258342.50  
  28       2018153      1        4        396228       0.59   1        0        396228      396228.00   0.00        396228.00  
  29       2020798      1        2        396063       0.59   1        0        396063      396063.00   0.00        396063.00  
  30       2020694      1        1        395135       0.59   1        0        395135      395135.00   0.00        395135.00  
  31       2020767      1        2        394386       0.59   1        0        394386      394386.00   0.00        394386.00  
  32       2020610      1        3        540666       0.81   3        0        394046      180222.00   0.00        180222.00  
  33       2018077      1        5        394030       0.59   1        0        394030      394030.00   0.00        394030.00  
  34       2020692      1        1        651539       0.98   3        0        393916      217179.67   0.00        217179.67  
  35       2815132      1        3        483484       0.72   2        0        349001      241742.00   0.00        241742.00  
  36       2018085      1        2        355152       0.53   2        0        254485      177576.00   0.00        177576.00  
  37       2020781      1        5        230326       0.35   1        0        230326      230326.00   0.00        230326.00  
  38       2024565      1        3        255699       0.38   2        0        227635      127849.50   0.00        127849.50  
  39       2823263      1        3        253766       0.38   2        0        210693      126883.00   0.00        126883.00  
  40       2020791      1        3        202468       0.30   1        0        202468      202468.00   0.00        202468.00  
  41       2020782      1        2        307649       0.46   2        0        199369      153824.50   0.00        153824.50  
  42       2020774      1        2        517513       0.78   5        0        198209      103502.60   0.00        103502.60  
  43       2019083      1        2        196216       0.29   1        0        196216      196216.00   0.00        196216.00  
  44       2020612      1        3        292976       0.44   3        0        189031      97658.67    0.00        97658.67   
  45       2020765      1        2        506324       0.76   5        0        186720      101264.80   0.00        101264.80  
  46       2020785      1        3        334848       0.50   3        0        185660      111616.00   0.00        111616.00  
  47       2017913      1        3        185307       0.28   1        0        185307      185307.00   0.00        185307.00  
  48       2020789      1        2        184719       0.28   1        0        184719      184719.00   0.00        184719.00  
  49       2018013      1        3        304183       0.46   2        0        184222      152091.50   0.00        152091.50  
  50       2017707      1        4        266152       0.40   2        0        171157      133076.00   0.00        133076.00  
  51       2017934      1        4        184820       0.28   2        0        153033      92410.00    0.00        92410.00   
  52       2816515      1        3        247130       0.37   2        0        151886      123565.00   0.00        123565.00  
  53       2019094      1        5        748355       1.12   15       0        151847      49890.33    0.00        49890.33   
  54       2020764      1        2        143224       0.21   1        0        143224      143224.00   0.00        143224.00  
  55       2018639      1        2        170667       0.26   2        0        139147      85333.50    0.00        85333.50   
  56       2020799      1        2        131596       0.20   1        0        131596      131596.00   0.00        131596.00  
  57       2023611      1        3        126391       0.19   1        0        126391      126391.00   0.00        126391.00  
  58       2020790      1        2        197585       0.30   2        0        120576      98792.50    0.00        98792.50   
  59       2020691      1        1        418939       0.63   4        0        120563      104734.75   0.00        104734.75  
  60       2020797      1        2        119767       0.18   1        0        119767      119767.00   0.00        119767.00  
  61       2020795      1        2        119426       0.18   1        0        119426      119426.00   0.00        119426.00  
  62       2017877      1        3        114188       0.17   1        0        114188      114188.00   0.00        114188.00  
  63       2826281      1        2        292194       0.44   12       0        114112      24349.50    0.00        24349.50   
  64       2020693      1        1        110491       0.17   1        0        110491      110491.00   0.00        110491.00  
  65       2816910      1        2        353369       0.53   5        0        108872      70673.80    0.00        70673.80   
  66       2020793      1        2        108491       0.16   1        0        108491      108491.00   0.00        108491.00  
  67       2018636      1        2        108125       0.16   1        0        108125      108125.00   0.00        108125.00  
  68       2020766      1        2        108080       0.16   1        0        108080      108080.00   0.00        108080.00  
  69       2816927      1        3        236362       0.35   5        0        105522      47272.40    0.00        47272.40   
  70       2020771      1        2        179439       0.27   2        0        103150      89719.50    0.00        89719.50   
  71       2020784      1        2        175705       0.26   2        0        101296      87852.50    0.00        87852.50   
  72       2017548      1        6        124540       0.19   2        0        92918       62270.00    0.00        62270.00   
  73       2018358      1        7        271364       0.41   5        0        90412       54272.80    0.00        54272.80   
  74       2018057      1        4        79492        0.12   1        0        79492       79492.00    0.00        79492.00   
  75       2020695      1        1        77623        0.12   1        0        77623       77623.00    0.00        77623.00   
  76       2020776      1        2        138059       0.21   2        0        76673       69029.50    0.00        69029.50   
  77       2017876      1        3        75763        0.11   1        0        75763       75763.00    0.00        75763.00   
  78       2018386      1        2        222099       0.33   7        0        75394       31728.43    0.00        31728.43   
  79       2812976      1        3        128906       0.19   2        0        73548       64453.00    0.00        64453.00   
  80       2018242      1        5        177301       0.27   5        0        72629       35460.20    0.00        35460.20   
  81       2819673      1        4        190163       0.28   5        0        71542       38032.60    0.00        38032.60   
  82       2805348      1        4        235491       0.35   4        0        71205       58872.75    0.00        58872.75   
  83       2023875      1        2        218782       0.33   5        0        69835       43756.40    0.00        43756.40   
  84       2816940      1        2        293872       0.44   5        0        68671       58774.40    0.00        58774.40   
  85       2816909      1        2        298863       0.45   5        0        67644       59772.60    0.00        59772.60   
  86       2016922      1        12       65162        0.10   1        0        65162       65162.00    0.00        65162.00   
  87       2018075      1        3        63204        0.09   1        0        63204       63204.00    0.00        63204.00   
  88       2014967      1        3        157858       0.24   5        0        62962       31571.60    0.00        31571.60   
  89       2829848      1        2        182383       0.27   5        0        62838       36476.60    0.00        36476.60   
  90       2024138      1        2        96111        0.14   2        0        62641       48055.50    0.00        48055.50   
  91       2021753      1        3        62407        0.09   1        0        62407       62407.00    0.00        62407.00   
  92       2820851      1        5        206336       0.31   5        0        61694       41267.20    0.00        41267.20   
  93       2020586      1        3        61350        0.09   1        0        61350       61350.00    0.00        61350.00   
  94       2021718      1        4        130601       0.20   3        0        61008       43533.67    0.00        43533.67   
  95       2021716      1        1        60942        0.09   1        0        60942       60942.00    0.00        60942.00   
  96       2018032      1        2        60755        0.09   1        0        60755       60755.00    0.00        60755.00   
  97       2828122      1        2        205975       0.31   5        0        58243       41195.00    0.00        41195.00   
  98       2816895      1        2        131667       0.20   3        0        57022       43889.00    0.00        43889.00   
  99       2809363      1        3        203830       0.31   5        0        56403       40766.00    0.00        40766.00   
  100      2017456      1        3        107986       0.16   3        0        56364       35995.33    0.00        35995.33   
  101      2812433      1        2        187293       0.28   5        0        56098       37458.60    0.00        37458.60   
  102      2016537      1        2        547468       0.82   15       0        55997       36497.87    0.00        36497.87   
  103      2016858      1        10       202246       0.30   5        0        55622       40449.20    0.00        40449.20   
  104      2012707      1        5        99865        0.15   2        0        55373       49932.50    0.00        49932.50   
  105      2022339      1        2        205772       0.31   5        0        54789       41154.40    0.00        41154.40   
  106      2816928      1        3        198744       0.30   5        0        54297       39748.80    0.00        39748.80   
  107      2009702      1        5        308739       0.46   24       0        53991       12864.12    0.00        12864.12   
  108      2811826      1        7        120120       0.18   3        0        53370       40040.00    0.00        40040.00   
  109      2021418      1        9        210196       0.31   5        0        51785       42039.20    0.00        42039.20   
  110      2823858      1        3        169233       0.25   5        0        50840       33846.60    0.00        33846.60   
  111      2022502      1        4        129325       0.19   3        0        50304       43108.33    0.00        43108.33   
  112      2808965      1        2        90935        0.14   3        0        49694       30311.67    0.00        30311.67   
  113      2815181      1        3        118433       0.18   3        0        49304       39477.67    0.00        39477.67   
  114      2018452      1        15       197268       0.30   5        0        49289       39453.60    0.00        39453.60   
  115      2828212      1        2        90038        0.13   3        0        48530       30012.67    0.00        30012.67   
  116      2828986      1        2        187689       0.28   5        0        47432       37537.80    0.00        37537.80   
  117      2807970      1        8        175590       0.26   5        0        46788       35118.00    0.00        35118.00   
  118      2023315      1        2        204435       0.31   5        0        46682       40887.00    0.00        40887.00   
  119      2015877      1        6        160395       0.24   5        0        46544       32079.00    0.00        32079.00   
  120      2803760      1        3        231761       0.35   12       0        46445       19313.42    0.00        19313.42   
  121      2024142      1        2        81053        0.12   2        0        46407       40526.50    0.00        40526.50   
  122      2022503      1        2        196585       0.29   5        0        45878       39317.00    0.00        39317.00   
  123      2023670      1        3        215851       0.32   6        5        45852       35975.17    37824.20    26730.00   
  124      2815817      1        5        175471       0.26   5        0        44233       35094.20    0.00        35094.20   
  125      2816929      1        4        19

This file has been truncated. Go here to download in full.