Filename: 0b491-1.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.9603121281 seconds
Hash: d64de92300cacbdf37d346ba827f5fe8
Uploaded: 1571854181

Logfiles


packet_stats.log (26172 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             1         93170886       93170886      93170886         93.2m    0.53
 IPv4       6           110          3241184      117021092      75717340          8.3b   47.32
 IPv4      17            43          7804434      140216702      85674269          3.7b   20.93
 IPv6       6            26        119554918      132397376     125579020          3.3b   18.55
 IPv6      17            13          8753048      137798516     120141503          1.6b    8.87
 IPv6      58             5        118831998      138143704     133681165        668.4m    3.80
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             1           269798         269798        269798        269.8k    0.19
TMM_FLOWWORKER              IPv4       6           110           115688       15608392        789741         86.9m   61.28
TMM_FLOWWORKER              IPv4      17            43           276540        7873024        812320         34.9m   24.64
TMM_RECEIVEPCAPFILE         IPv4       1             1             5878           5878          5878          5.9k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6           106             4456           8168          5265        558.1k    0.39
TMM_RECEIVEPCAPFILE         IPv4      17            43             4470          15360          5945        255.6k    0.18
TMM_DECODEPCAPFILE          IPv4       1             1            18368          18368         18368         18.4k    0.01
TMM_DECODEPCAPFILE          IPv4       6           106             4572         135910          6708        711.1k    0.50
TMM_DECODEPCAPFILE          IPv4      17            43             4664          54408          6673        287.0k    0.20
TMM_FLOWWORKER              IPv6       6            26           136234        1712330        423833         11.0m    7.77
TMM_FLOWWORKER              IPv6      17            13           321272         534142        417364          5.4m    3.83
TMM_FLOWWORKER              IPv6      58             5           142930         233122        192014        960.1k    0.68
TMM_RECEIVEPCAPFILE         IPv6       6            26             4468           5588          4796        124.7k    0.09
TMM_RECEIVEPCAPFILE         IPv6      17            13             4834           7670          5359         69.7k    0.05
TMM_RECEIVEPCAPFILE         IPv6      58             5             4492           4750          4639         23.2k    0.02
TMM_DECODEPCAPFILE          IPv6       6            26             4606           5510          4774        124.1k    0.09
TMM_DECODEPCAPFILE          IPv6      17            13             4674          25620          6489         84.4k    0.06
TMM_DECODEPCAPFILE          IPv6      58             5             4662           7600          5327         26.6k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             5264           5264          5264          5.3k  0.00  
flow                    IPv4       6           106             4792          26430          6249        662.4k  0.54  
flow                    IPv4      17            43             4828          36526          9082        390.6k  0.32  
stream                  IPv4       6           110             5306       12321992        145847         16.0m  13.09 
app-layer               IPv4      17            43             4442          72682         16762        720.8k  0.59  
detect                  IPv4       1             1           226416         226416        226416        226.4k  0.18  
detect                  IPv4       6           110            77792       15529714        573614         63.1m  51.49 
detect                  IPv4      17            43           239892        2977728        586253         25.2m  20.57 
tcp-prune               IPv4       6           110             4482          13390          5605        616.6k  0.50  
flow                    IPv6       6            26             4970          20786          6318        164.3k  0.13  
flow                    IPv6      17            13             5320          22822          7921        103.0k  0.08  
flow                    IPv6      58             5             6174           8940          8052         40.3k  0.03  
stream                  IPv6       6            26             5640         127110         26465        688.1k  0.56  
app-layer               IPv6      17            13             4516          21720          8954        116.4k  0.09  
detect                  IPv6       6            26            79798        1465650        330442          8.6m  7.01  
detect                  IPv6      17            13           286298         476310        377620          4.9m  4.01  
detect                  IPv6      58             5           121998         205776        166054        830.3k  0.68  
tcp-prune               IPv6       6            26             4468           7732          5256        136.7k  0.11  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             6             6314          63900         22106        132.6k  27.06 
http                    IPv4      17             7             6314          18558          8402         58.8k  12.00 
tls                     IPv4       6             4             5680          73628         24216         96.9k  19.77 
dns                     IPv4      17            18             6376          26186          9270        166.9k  34.05 
http                    IPv6       6             2             6962           8326          7644         15.3k  3.12  
http                    IPv6      17             3             6314           6962          6530         19.6k  4.00  
Proto detect            IPv4       6             1            15602          15602         15602         15.6k
Proto detect            IPv4      17            24             4682          45880         11495        275.9k
Proto detect            IPv6      17             4             5028           9176          6187         24.7k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            10            44900        6853888        756996          7.6m  66.37 
LOGGER_JSON_HTTP            IPv4       6             7            74944        1038470        254072          1.8m  15.59 
LOGGER_JSON_TLS             IPv4       6             2             5020           5110          5065         10.1k  0.09  
LOGGER_JSON_FILE            IPv4       6             9            64646         239858        148870          1.3m  11.75 
LOGGER_JSON_HTTP            IPv6       6             2            74454          92662         83558        167.1k  1.47  
LOGGER_JSON_FILE            IPv6       6             4            71266         192824        135060        540.2k  4.74  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             1            33784          33784         33784        33.8k  0.13  
payload                           IPv4       6            54             4560         525144         48880         2.6m  9.96  
payload                           IPv4      17            43            10196         132700         44867         1.9m  7.28  
stream                            IPv4       6            54             4452       11262746        272665        14.7m  55.58 
http_uri                          IPv4       6             7            17922          84144         44404       310.8k  1.17  
http_request_line                 IPv4       6             7             9028          13868         11157        78.1k  0.29  
http_client_body                  IPv4       6             7             5376         161748         66126       462.9k  1.75  
http_header (request)             IPv4       6             7            38060         172440         89390       625.7k  2.36  
http_header (request trailer)     IPv4       6             7             4516           6446          5109        35.8k  0.13  
http_header_names (request)       IPv4       6             7            16788          36786         24500       171.5k  0.65  
http_accept (request)             IPv4       6             7             5456           9462          7240        50.7k  0.19  
http_referer (request)            IPv4       6             7             5098           8152          6214        43.5k  0.16  
http_content_len (request)        IPv4       6             7             5328          10882          7529        52.7k  0.20  
http_content_type (request)       IPv4       6             7             5172          10994          8219        57.5k  0.22  
http_protocol (request)           IPv4       6             7             6850          10274          8610        60.3k  0.23  
http_start (request)              IPv4       6             7            15034          20188         17067       119.5k  0.45  
http_raw_header (request)         IPv4       6             7            15428          23556         18455       129.2k  0.49  
http_method                       IPv4       6             7             9066          34540         17490       122.4k  0.46  
http_cookie (request)             IPv4       6             7             5364           9404          7014        49.1k  0.19  
http_raw_uri                      IPv4       6             7             6706          21168         10963        76.7k  0.29  
http_user_agent                   IPv4       6             7             5108          39978         13125        91.9k  0.35  
http_host                         IPv4       6             7             6860          20000         12085        84.6k  0.32  
dns_query                         IPv4      17             5            13482          19298         16090        80.5k  0.30  
tls_sni                           IPv4       6             6             4952          17120          8852        53.1k  0.20  
http_response_line                IPv4       6             6            11716          17790         14404        86.4k  0.33  
http_header (response)            IPv4       6             6            38488         102266         59105       354.6k  1.34  
http_header (response trailer)    IPv4       6             6             4604          10704          6751        40.5k  0.15  
http_content_type (response)      IPv4       6             6             9888          19986         13951        83.7k  0.32  
http_raw_header (response)        IPv4       6            11             7264          37980         17331       190.6k  0.72  
http_cookie (response)            IPv4       6             6             5504           8518          6568        39.4k  0.15  
http_stat_code                    IPv4       6             6             6074          13174          8669        52.0k  0.20  
tls_cert_issuer                   IPv4       6             2             4628           4912          4770         9.5k  0.04  
tls_cert_subject                  IPv4       6             2             4520           4732          4626         9.3k  0.03  
tls_cert_serial                   IPv4       6             2             4478           4526          4502         9.0k  0.03  
file_data (http response)         IPv4       6             5             4986          32218         10890        54.5k  0.21  
Total                             IPv4                   347                                         66318        23.0m
payload                           IPv6       6            14             4640          75716         42143       590.0k  2.23  
payload                           IPv6      17            13            17132         105598         38712       503.3k  1.90  
payload                           IPv6      58             5             5036          13846          8775        43.9k  0.17  
stream                            IPv6       6            14             4458         329618         97778         1.4m  5.17  
http_uri                          IPv6       6             2            18120          33220         25670        51.3k  0.19  
http_request_line                 IPv6       6             2             9696          10338         10017        20.0k  0.08  
http_client_body                  IPv6       6             2            97480         107052        102266       204.5k  0.77  
http_header (request)             IPv6       6             2            75432         104016         89724       179.4k  0.68  
http_header (request trailer)     IPv6       6             2             4554           6430          5492        11.0k  0.04  
http_header_names (request)       IPv6       6             2            27526          30776         29151        58.3k  0.22  
http_accept (request)             IPv6       6             2             5698           7212          6455        12.9k  0.05  
http_referer (request)            IPv6       6             2             5092           6726          5909        11.8k  0.04  
http_content_len (request)        IPv6       6             2             9190          22920         16055        32.1k  0.12  
http_content_type (request)       IPv6       6             2             8528           9928          9228        18.5k  0.07  
http_protocol (request)           IPv6       6             2             6906           8722          7814        15.6k  0.06  
http_start (request)              IPv6       6             2            14188          17828         16008        32.0k  0.12  
http_raw_header (request)         IPv6       6             2            17114          21152         19133        38.3k  0.14  
http_method                       IPv6       6             2             9324          10780         10052        20.1k  0.08  
http_cookie (request)             IPv6       6             2             5442           7498          6470        12.9k  0.05  
http_raw_uri                      IPv6       6             2             6956           8188          7572        15.1k  0.06  
http_user_agent                   IPv6       6             2             9770          13916         11843        23.7k  0.09  
http_host                         IPv6       6             2             8272          10928          9600        19.2k  0.07  
http_response_line                IPv6       6             2             9750          11298         10524        21.0k  0.08  
http_header (response)            IPv6       6             2            33900          37288         35594        71.2k  0.27  
http_header (response trailer)    IPv6       6             2             4742           5698          5220        10.4k  0.04  
http_content_type (response)      IPv6       6             2             8858           9534          9196       

This file has been truncated.


suricata-report-2019-10-23-T-18-10-07-10232019.1809-0b491-1.pcap.txt (17863 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/d64de92300cacbdf37d346ba827f5fe856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10232019.1809-0b491-1.pcap -vvv -k none
elapsedtime:24.794715
stderr:
stdout:
23/10/2019 -- 18:09:42 - <Info> - Configuration node 'rule-files' redefined.
23/10/2019 -- 18:09:42 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/10/2019 -- 18:09:42 - <Info> - CPUs/cores online: 1
23/10/2019 -- 18:09:42 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31799 and 'request-body-inspect-window' set to 16685 after randomization.
23/10/2019 -- 18:09:42 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32912 and 'response-body-inspect-window' set to 16511 after randomization.
23/10/2019 -- 18:09:42 - <Config> - DNS request flood protection level: 500
23/10/2019 -- 18:09:42 - <Config> - DNS per flow memcap (state-memcap): 524288
23/10/2019 -- 18:09:42 - <Config> - DNS global memcap: 16777216
23/10/2019 -- 18:09:42 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/10/2019 -- 18:09:42 - <Config> - preallocated 1000 hosts of size 136
23/10/2019 -- 18:09:42 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/10/2019 -- 18:09:42 - <Config> - using magic-file /usr/share/file/magic
23/10/2019 -- 18:09:42 - <Config> - Core dump size is unlimited.
23/10/2019 -- 18:09:42 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/10/2019 -- 18:09:42 - <Config> - preallocated 1000 defrag trackers of size 168
23/10/2019 -- 18:09:42 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/10/2019 -- 18:09:42 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/10/2019 -- 18:09:42 - <Config> - stream "memcap": 33554432
23/10/2019 -- 18:09:42 - <Config> - stream "midstream" session pickups: disabled
23/10/2019 -- 18:09:42 - <Config> - stream "async-oneside": disabled
23/10/2019 -- 18:09:42 - <Config> - stream "checksum-validation": disabled
23/10/2019 -- 18:09:42 - <Config> - stream."inline": disabled
23/10/2019 -- 18:09:42 - <Config> - stream "bypass": disabled
23/10/2019 -- 18:09:42 - <Config> - stream "max-synack-queued": 5
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly "memcap": 134217728
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly "depth": 0
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly "toserver-chunk-size": 2556
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly "toclient-chunk-size": 2482
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly.raw: enabled
23/10/2019 -- 18:09:42 - <Config> - stream.reassembly "segment-prealloc": 2048
23/10/2019 -- 18:09:42 - <Config> - Delayed detect disabled
23/10/2019 -- 18:09:42 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/10/2019 -- 18:09:42 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/10/2019 -- 18:09:42 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/10/2019 -- 18:09:42 - <Config> - prefilter engines: MPM
23/10/2019 -- 18:09:42 - <Config> - IP reputation disabled
23/10/2019 -- 18:09:42 - <Perf> - Registered 148 keyword profiling counters.
23/10/2019 -- 18:09:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/10/2019 -- 18:09:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/10/2019 -- 18:09:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/10/2019 -- 18:09:48 - <Config> - No rules loaded from ET-icmp.rules.
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/10/2019 -- 18:09:48 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/10/2019 -- 18:09:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/10/2019 -- 18:09:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/10/2019 -- 18:09:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/10/2019 -- 18:09:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/10/2019 -- 18:09:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/10/2019 -- 18:09:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/10/2019 -- 18:09:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/10/2019 -- 18:09:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/10/2019 -- 18:09:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/10/2019 -- 18:09:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/10/2019 -- 18:09:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/10/2019 -- 18:09:56 - <Config> - No rules loaded from local.rules.
23/10/2019 -- 18:09:56 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/10/2019 -- 18:09:56 - <Info> - Threshold config parsed: 0 rule(s) found
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tcp-packet
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tcp-stream
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for udp-packet
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for other-ip
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_uri
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_request_line
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_client_body
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_response_line
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_header
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_header
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_header_names
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_header_names
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_accept
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_accept_enc
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_accept_lang
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_referer
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_connection
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_content_len
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_content_len
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_content_type
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_content_type
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_protocol
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_protocol
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_start
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_start
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_raw_header
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_raw_header
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_method
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_cookie
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_cookie
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_raw_uri
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_user_agent
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_host
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_raw_host
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_stat_msg
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_stat_code
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for dns_query
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tls_sni
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for dce_stub_data
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for dce_stub_data
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for ssh_protocol
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for ssh_protocol
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for ssh_software
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for ssh_software
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for file_data
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for file_data
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_request_line
23/10/2019 -- 18:09:57 - <Perf> - using shared mpm ctx' for http_response_line
23/10/2019 -- 18:09:57 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/10/2019 -- 18:09:57 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/10/2019 -- 18:09:57 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/10/2019 -- 18:09:57 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/10/2019 -- 18:09:57 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/10/2019 -- 18:09:57 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/10/2019 -- 18:09:57 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/10/2019 -- 18:09:57 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/10/2019 -- 18:10:04 - <Perf> - Unique rule groups: 104
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/10/2019 -- 18:10:04 - <Perf> - Builtin MPM "other IP packet": 3
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_header": 10
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_header": 6
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_start": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_method": 5
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver http_host": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toserver file_data": 1
23/10/2019 -- 18:10:04 - <Perf> - AppLayer MPM "toclient file_data": 7
23/10/2019 -- 18:10:06 - <Perf> - Registered 39590 rule profiling counters.
23/10/2019 -- 18:10:06 - <Info> - fast output device (regular) initialized: alert
23/10/2019 -- 18:10:06 - <Info> - eve-log output device (regular) initialized: eve.json
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'alert'
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'http'
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'dns'
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'tls'
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'files'
23/10/2019 -- 18:10:06 - <Config> - enabling 'eve-log' module 'ssh'
23/10/2019 -- 18:10:06 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/10/2019 -- 18:10:06 - <Info> - stats output device (regular) initialized: stats.log
23/10/2019 -- 18:10:06 - <Config> - AutoFP mode using "Hash" flow lo


stats.log - (3290 bytes)
------------------------------------------------------------------------------------
Date: 10/23/2019 -- 18:10:07 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 216
decoder.bytes                              | Total                     | 95478
decoder.ipv4                               | Total                     | 150
decoder.ipv6                               | Total                     | 44
decoder.ethernet                           | Total                     | 216
decoder.tcp                                | Total                     | 132
decoder.udp                                | Total                     | 56
decoder.icmpv4                             | Total                     | 1
decoder.icmpv6                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 442
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 11
flow.udp                                   | Total                     | 20
flow.icmpv6                                | Total                     | 5
tcp.sessions                               | Total                     | 11
tcp.syn                                    | Total                     | 11
tcp.synack                                 | Total                     | 11
tcp.rst                                    | Total                     | 4
tcp.overlap                                | Total                     | 1
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 8
app_layer.flow.http                        | Total                     | 8
app_layer.tx.http                          | Total                     | 9
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 5
app_layer.tx.dns_udp                       | Total                     | 5
app_layer.flow.failed_udp                  | Total                     | 15
flow.spare                                 | Total                     | 9996
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json - (15132 bytes)
{"timestamp":"2019-10-22T18:51:14.828015+0000","flow_id":2115274876822127,"pcap_cnt":9,"event_type":"dns","src_ip":"192.168.240.18","src_port":58085,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":40178,"rrname":"www.n01goalkeeper.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:14.846100+0000","flow_id":2115274876822127,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NOERROR","rrname":"www.n01goalkeeper.com","rrtype":"CNAME","ttl":10799,"rdata":"n01goalkeeper.com"}}
{"timestamp":"2019-10-22T18:51:14.846100+0000","flow_id":2115274876822127,"pcap_cnt":10,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":58085,"proto":"UDP","dns":{"type":"answer","id":40178,"rcode":"NOERROR","rrname":"n01goalkeeper.com","rrtype":"A","ttl":10799,"rdata":"107.180.0.110"}}
{"timestamp":"2019-10-22T18:51:15.130595+0000","flow_id":708673087471139,"pcap_cnt":17,"event_type":"dns","src_ip":"192.168.240.18","src_port":53569,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15183,"rrname":"www.combinedenergytech.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:15.145277+0000","flow_id":708673087471139,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NOERROR","rrname":"www.combinedenergytech.com","rrtype":"CNAME","ttl":3599,"rdata":"combinedenergytech.com"}}
{"timestamp":"2019-10-22T18:51:15.145277+0000","flow_id":708673087471139,"pcap_cnt":18,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":53569,"proto":"UDP","dns":{"type":"answer","id":15183,"rcode":"NOERROR","rrname":"combinedenergytech.com","rrtype":"A","ttl":599,"rdata":"165.227.183.180"}}
{"timestamp":"2019-10-22T18:51:15.258519+0000","flow_id":317315667363546,"pcap_cnt":23,"event_type":"http","src_ip":"192.168.240.18","src_port":49300,"dest_ip":"107.180.0.110","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.n01goalkeeper.com","url":"\/wp-content\/t69\/","http_content_type":"text\/html"}}
{"timestamp":"2019-10-22T18:51:15.318614+0000","flow_id":317315667363546,"pcap_cnt":25,"event_type":"fileinfo","src_ip":"107.180.0.110","src_port":80,"dest_ip":"192.168.240.18","dest_port":49300,"proto":"TCP","http":{"hostname":"www.n01goalkeeper.com","url":"\/wp-content\/t69\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":332},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/t69\/","gaps":false,"state":"CLOSED","stored":false,"size":332,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:16.072476+0000","flow_id":1825716771701881,"pcap_cnt":41,"event_type":"http","src_ip":"192.168.240.18","src_port":49301,"dest_ip":"165.227.183.180","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.combinedenergytech.com","url":"\/wp-content\/n6\/","http_content_type":"text\/html"}}
{"timestamp":"2019-10-22T18:51:16.095571+0000","flow_id":1434767373661523,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.240.18","src_port":49772,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23804,"rrname":"www.stewardtechnicalcollege.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.009676+0000","flow_id":1825716771701881,"pcap_cnt":48,"event_type":"fileinfo","src_ip":"165.227.183.180","src_port":80,"dest_ip":"192.168.240.18","dest_port":49301,"proto":"TCP","http":{"hostname":"www.combinedenergytech.com","url":"\/wp-content\/n6\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":404,"length":15751},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/n6\/","gaps":false,"state":"CLOSED","stored":false,"size":15751,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.098227+0000","flow_id":1434767373661523,"pcap_cnt":50,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":49772,"proto":"UDP","dns":{"type":"answer","id":23804,"rcode":"SERVFAIL","rrname":"www.stewardtechnicalcollege.com"}}
{"timestamp":"2019-10-22T18:51:21.139783+0000","flow_id":1575240721834503,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.240.18","src_port":62287,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":30094,"rrname":"superecruiters.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:21.350648+0000","flow_id":1575240721834503,"pcap_cnt":52,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":62287,"proto":"UDP","dns":{"type":"answer","id":30094,"rcode":"NOERROR","rrname":"superecruiters.com","rrtype":"A","ttl":14399,"rdata":"185.60.170.103"}}
{"timestamp":"2019-10-22T18:51:22.232240+0000","flow_id":1713311035591472,"pcap_cnt":73,"event_type":"dns","src_ip":"192.168.240.18","src_port":56304,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":62972,"rrname":"www.newuvolume2.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-10-22T18:51:22.247682+0000","flow_id":1713311035591472,"pcap_cnt":74,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NOERROR","rrname":"www.newuvolume2.com","rrtype":"CNAME","ttl":3599,"rdata":"newuvolume2.com"}}
{"timestamp":"2019-10-22T18:51:22.247682+0000","flow_id":1713311035591472,"pcap_cnt":74,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.18","dest_port":56304,"proto":"UDP","dns":{"type":"answer","id":62972,"rcode":"NOERROR","rrname":"newuvolume2.com","rrtype":"A","ttl":599,"rdata":"184.168.221.95"}}
{"timestamp":"2019-10-22T18:51:22.433107+0000","flow_id":946521934278430,"pcap_cnt":87,"event_type":"http","src_ip":"192.168.240.18","src_port":49305,"dest_ip":"184.168.221.95","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/"}}
{"timestamp":"2019-10-22T18:51:41.327094+0000","flow_id":1097666129686254,"pcap_cnt":111,"event_type":"fileinfo","src_ip":"192.168.240.28","src_port":49343,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:51:41.327453+0000","flow_id":1097666129686254,"pcap_cnt":113,"event_type":"http","src_ip":"192.168.240.28","src_port":49343,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:51:41.329284+0000","flow_id":1097666129686254,"pcap_cnt":115,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.28","dest_port":49343,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:32.626971+0000","flow_id":2185297881236011,"pcap_cnt":129,"event_type":"fileinfo","src_ip":"192.168.240.90","src_port":49204,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:32.627486+0000","flow_id":2185297881236011,"pcap_cnt":131,"event_type":"http","src_ip":"192.168.240.90","src_port":49204,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:52:32.630206+0000","flow_id":2185297881236011,"pcap_cnt":133,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.90","dest_port":49204,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:36.126993+0000","flow_id":1050548194565842,"pcap_cnt":143,"event_type":"fileinfo","src_ip":"192.168.240.90","src_port":49206,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:52:36.127609+0000","flow_id":1050548194565842,"pcap_cnt":145,"event_type":"http","src_ip":"192.168.240.90","src_port":49206,"dest_ip":"192.168.240.18","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:52:36.129215+0000","flow_id":1050548194565842,"pcap_cnt":147,"event_type":"fileinfo","src_ip":"192.168.240.18","src_port":5357,"dest_ip":"192.168.240.90","dest_port":49206,"proto":"TCP","http":{"hostname":"192.168.240.18","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:00.173968+0000","flow_id":544300400942417,"pcap_cnt":164,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49306,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2718},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:00.174407+0000","flow_id":544300400942417,"pcap_cnt":166,"event_type":"http","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49306,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:53:00.176081+0000","flow_id":544300400942417,"pcap_cnt":168,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","src_port":5357,"dest_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","dest_port":49306,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:06.628305+0000","flow_id":792624672967314,"pcap_cnt":183,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49307,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2718},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-10-22T18:53:06.628717+0000","flow_id":792624672967314,"pcap_cnt":185,"event_type":"http","src_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","src_port":49307,"dest_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-10-22T18:53:06.630068+0000","flow_id":792624672967314,"pcap_cnt":187,"event_type":"fileinfo","src_ip":"fe80:0000:0000:0000:d8d4:1b3e:3e86:6584","src_port":5357,"dest_ip":"fe80:0000:0000:0000:6187:e1b9:32bb:1d48","dest_port":49307,"proto":"TCP","http":{"hostname":"[fe80::d8d4:1b3e:3e86:6584]","url":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/6b06490d-f9fd-424c-8b6d-83edc4369e89\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-10-22T18:54:30.024528+0000","flow_id":1355523079984868,"event_type":"http","src_ip":"192.168.240.18","src_port":49304,"dest_ip":"184.168.221.95","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/"}}
{"timestamp":"2019-10-22T18:54:30.024528+0000","flow_id":946521934278430,"event_type":"fileinfo","src_ip":"184.168.221.95","src_port":80,"dest_ip":"192.168.240.18","dest_port":49305,"proto":"TCP","http":{"hostname":"www.newuvolume2.com","url":"\/wp-content\/upgrade\/g1z8jf7\/","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":403,"length":102},"app_proto":"http","fileinfo":{"filename":"\/wp-content\/upgrade\/g1z8jf7\/","gaps":false,"state":"CLOSED","stored":false,"size":93,"tx_id":0}}


suricata-4.0.0-etpro-all-perf.txt-2019-10-23-T-18-10-07-10232019.1809-0b491-1.pcap.txt - (22743 bytes)
  --------------------------------------------------------------------------
  Date: 10/23/2019 -- 18:10:07. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2802876      1        3        936936       3.13   2        0        906462      468468.00   0.00        468468.00  
  2        2024771      1        1        1005302      3.36   7        0        899822      143614.57   0.00        143614.57  
  3        2829848      1        2        1063342      3.56   5        0        871060      212668.40   0.00        212668.40  
  4        2009702      1        5        918330       3.07   16       0        841072      57395.62    0.00        57395.62   
  5        2824975      1        2        774272       2.59   4        0        566312      193568.00   0.00        193568.00  
  6        2821615      1        2        894716       2.99   4        0        547170      223679.00   0.00        223679.00  
  7        2830124      1        1        859318       2.87   4        0        535834      214829.50   0.00        214829.50  
  8        2811399      1        2        725560       2.43   4        0        524996      181390.00   0.00        181390.00  
  9        2826281      1        2        671474       2.25   8        0        483438      83934.25    0.00        83934.25   
  10       2021702      1        1        469552       1.57   6        0        443850      78258.67    0.00        78258.67   
  11       2010143      1        3        549654       1.84   13       0        442526      42281.08    0.00        42281.08   
  12       2013075      1        8        469748       1.57   8        0        438060      58718.50    0.00        58718.50   
  13       2811577      1        2        492900       1.65   16       0        236896      30806.25    0.00        30806.25   
  14       2826256      1        2        617486       2.07   9        0        201768      68609.56    0.00        68609.56   
  15       2815481      1        6        295064       0.99   3        0        157284      98354.67    0.00        98354.67   
  16       2016537      1        2        889390       2.98   21       4        152930      42351.90    124921.50   22923.76   
  17       2025142      1        2        323572       1.08   5        0        132130      64714.40    0.00        64714.40   
  18       2815659      1        3        432176       1.45   4        4        123142      108044.00   108044.00   0.00       
  19       2828060      1        4        232730       0.78   3        0        112558      77576.67    0.00        77576.67   
  20       2809850      1        2        366138       1.22   7        0        107426      52305.43    0.00        52305.43   
  21       2829644      1        1        292610       0.98   4        0        105028      73152.50    0.00        73152.50   
  22       2815754      1        2        213072       0.71   3        0        100556      71024.00    0.00        71024.00   
  23       2816165      1        5        556802       1.86   9        0        95994       61866.89    0.00        61866.89   
  24       2023621      1        4        289214       0.97   39       0        95688       7415.74     0.00        7415.74    
  25       2828986      1        2        235148       0.79   5        0        93186       47029.60    0.00        47029.60   
  26       2811447      1        2        423270       1.42   14       0        87846       30233.57    0.00        30233.57   
  27       2023083      1        2        265184       0.89   4        0        82666       66296.00    0.00        66296.00   
  28       2830035      1        2        290404       0.97   4        0        80098       72601.00    0.00        72601.00   
  29       2014701      1        12       386842       1.29   16       0        77618       24177.62    0.00        24177.62   
  30       2816669      1        4        216802       0.73   5        0        75636       43360.40    0.00        43360.40   
  31       2802881      1        3        73276        0.25   1        0        73276       73276.00    0.00        73276.00   
  32       2802880      1        3        73234        0.25   1        0        73234       73234.00    0.00        73234.00   
  33       2025162      1        2        244252       0.82   4        0        72452       61063.00    0.00        61063.00   
  34       2826451      1        2        70692        0.24   1        0        70692       70692.00    0.00        70692.00   
  35       2821148      1        4        181112       0.61   5        0        70266       36222.40    0.00        36222.40   
  36       2021067      1        2        184544       0.62   3        0        68518       61514.67    0.00        61514.67   
  37       2809267      1        8        244332       0.82   4        0        67900       61083.00    0.00        61083.00   
  38       2811280      1        7        166354       0.56   3        0        64832       55451.33    0.00        55451.33   
  39       2829607      1        1        224196       0.75   4        0        64404       56049.00    0.00        56049.00   
  40       2821561      1        2        215554       0.72   5        0        63358       43110.80    0.00        43110.80   
  41       2810055      1        2        99840        0.33   4        0        62042       24960.00    0.00        24960.00   
  42       2019155      1        2        162780       0.54   5        0        60940       32556.00    0.00        32556.00   
  43       2024848      1        2        183572       0.61   5        0        59518       36714.40    0.00        36714.40   
  44       2805058      1        3        58352        0.20   1        0        58352       58352.00    0.00        58352.00   
  45       2820309      1        2        161882       0.54   5        0        58126       32376.40    0.00        32376.40   
  46       2012707      1        5        141336       0.47   5        0        56652       28267.20    0.00        28267.20   
  47       2014704      1        7        180070       0.60   9        0        56470       20007.78    0.00        20007.78   
  48       2022545      1        1        138334       0.46   4        0        55362       34583.50    0.00        34583.50   
  49       2811711      1        2        147828       0.49   5        0        55226       29565.60    0.00        29565.60   
  50       2803348      1        4        55148        0.18   1        0        55148       55148.00    0.00        55148.00   
  51       2809816      1        2        154922       0.52   5        0        54614       30984.40    0.00        30984.40   
  52       2806959      1        2        134760       0.45   5        0        53936       26952.00    0.00        26952.00   
  53       2806921      1        3        134180       0.45   5        0        52958       26836.00    0.00        26836.00   
  54       2017552      1        6        662702       2.22   26       0        52262       25488.54    0.00        25488.54   
  55       2811544      1        1        311226       1.04   16       0        51976       19451.62    0.00        19451.62   
  56       2816394      1        2        136512       0.46   5        0        49222       27302.40    0.00        27302.40   
  57       2020936      1        3        130056       0.44   5        0        48912       26011.20    0.00        26011.20   
  58       2022197      1        3        138922       0.46   3        0        48174       46307.33    0.00        46307.33   
  59       2828212      1        2        130556       0.44   5        0        47770       26111.20    0.00        26111.20   
  60       2014702      1        9        260256       0.87   16       0        47310       16266.00    0.00        16266.00   
  61       2023316      1        2        45652        0.15   1        0        45652       45652.00    0.00        45652.00   
  62       2830036      1        1        127716       0.43   5        0        45260       25543.20    0.00        25543.20   
  63       2807925      1        1        171398       0.57   10       0        41548       17139.80    0.00        17139.80   
  64       2024513      1        5        100200       0.34   3        0        41348       33400.00    0.00        33400.00   
  65       2022531      1        1        139554       0.47   4        0        40114       34888.50    0.00        34888.50   
  66       2014133      1        4        120866       0.40   5        0        37754       24173.20    0.00        24173.20   
  67       2023615      1        3        231576       0.77   39       0        37088       5937.85     0.00        5937.85    
  68       2803760      1        3        225818       0.76   8        0        36206       28227.25    0.00        28227.25   
  69       2823937      1        13       94418        0.32   3        0        35862       31472.67    0.00        31472.67   
  70       2022543      1        1        215616       0.72   8        0        35448       26952.00    0.00        26952.00   
  71       2804586      1        2        54378        0.18   4        0        34750       13594.50    0.00        13594.50   
  72       2023619      1        3        201252       0.67   33       0        34356       6098.55     0.00        6098.55    
  73       2014703      1        9        239134       0.80   16       0        33176       14945.88    0.00        14945.88   
  74       2819934      1        2        32874        0.11   1        0        32874       32874.00    0.00        32874.00   
  75       2807926      1        3        152346       0.51   10       0        32754       15234.60    0.00        15234.60   
  76       2023613      1        3        233022       0.78   41       0        32642       5683.46     0.00        5683.46    
  77       2002911      1        6        52498        0.18   5        0        31428       10499.60    0.00        10499.60   
  78       2816566      1        1        44546        0.15   4        0        29706       11136.50    0.00        11136.50   
  79       2019230      1        2        248326       0.83   16       0        29702       15520.38    0.00        15520.38   
  80       2023614      1        3        246194       0.82   41       0        29064       6004.73     0.00        6004.73    
  81       2819882      1        2        26390        0.09   1        0        26390       26390.00    0.00        26390.00   
  82       2018292      1        1        88150        0.29   10       0        26300       8815.00     0.00        8815.00    
  83       2018558      1        5        28362        0.09   2        0        21700       14181.00    0.00        14181.00   
  84       2010939      1        3        46142        0.15   5        0        20848       9228.40     0.00        9228.40    
  85       2023617      1        3        216920       0.73   40       0        20684       5423.00     0.00        5423.00    
  86       2823788      1        4        60388        0.20   8        0        19506       7548.50     0.00        7548.50    
  87       2016323      1        1        24870        0.08   3        0        15066       8290.00     0.00        8290.00    
  88       2823571      1        2        14926        0.05   2        0        9102        7463.00     0.00        7463.00    
  89       2023618      1        3        189756       0.63   36       0        9016        5271.00     0.00        5271.00    
  90       2008420      1        4        50592        0.17   8        0        8880        6324.00     0.00        6324.00    
  91       2002993      1        7        28912        0.10   5        0        8810        5782.40     0.00        5782.40    
  92       2827580      1        7        30532        0.10   5        0        8776        6106.40     0.00        6106.40    
  93       2100540      1        12       143692       0.48   26       0        8676        5526.62     0.00        5526.62    
  94       2002992      1        7        30934        0.10   5        0        8468        6186.80     0.00        6186.80    
  95       2804589      1        3        29536        0.10   5        0        8158        5907.20     0.00        5907.20    
  96       2023626      1        3        280284       0.94   55       0        8070        5096.07     0.00        5096.07    
  97       2021701      1        1        33654        0.11   6        0        8030        5609.00     0.00        5609.00    
  98       2009243      1        2        23220        0.08   4        0        7976        5805.00     0.00        5805.00    
  99       2102523      1        8        86376        0.29   16       0        7948        5398.50     0.00        5398.50    
  100      2815480      1        6        13622        0.05   2        0        7940        6811.00     0.00        6811.00    
  101      2808577      1        5        22208        0.07   4        0        7930        5552.00     0.00        5552.00    
  102      2023624      1        3        283314       0.95   56       0        7918        5059.18     0.00        5059.18    
  103      2100540      1        12       139524       0.47   26       0        7872        5366.31     0.00        5366.31    
  104      2801224      1        6        28554        0.10   5        0        7872        5710.80     0.00        5710.80    
  105      2010142      1        4        66014        0.22   13       0        7868        5078.00     0.00        5078.00    
  106      2827279      1        5        31016        0.10   5        0        7830        6203.20     0.00        6203.20    
  107      2023627      1        3        188618       0.63   37       0        7820        5097.78     0.00        5097.78    
  108      2810799      1        5        29420        0.10   5        0        7806        5884.00     0.00        5884.00    
  109      2008117      1        3        80154        0.27   15       0        7790        5343.60     0.00        5343.60    
  110      2828876      1        1        149122       0.50   27       0        7736        5523.04     0.00        5523.04    
  111      2828877      1        1        46326        0.15   9        0        7706        5147.33     0.00        5147.33    
  112      2023612      1        4        213742       0.72   42       0        7700        5089.10     0.00        5089.10    
  113      2023623      1        3        197010       0.66   39       0        7566        5051.54     0.00        5051.54    
  114      2802822      1        1        84120        0.28   15       0        7532        5608.00     0.00        5608.00    
  115      2001330      1        8        21614        0.07   4        0        7502        5403.50     0.00        5403.50    
  116      2810793      1        5        44496        0.15   9        0        7500        4944.00     0.00        4944.00    
  117      2828008      1        2        28342        0.09   5        0        7438        5668.40     0.00        5668.40    
  118      2103158      1        6        22578        0.08   4        0        7416        5644.50     0.00        5644.50    
  119      2101201      1        10       7296         0.02   1        0        7296        7296.00     0.00        7296.00    
  120      2009387      1        4        23920        0.08   4        0        7178        5980.00     0.00        5980.00    
  121      2002994      1        7        27022        0.09   5        0        7152        5404.40     0.00        5404.40    
  122      2023622      1        3        251648       0.84   50       0        7120        5032.96     0.00        5032.96    
  123      2008120      1        4        86150        0.29   17       0        7116        5067.65     0.00        5067.65    
  124      2805442      1        2        128386       0.43   25       0        7116        5135.44     0.00        5135.44    
  125      2023620      1        3        

This file has been truncated.


keyword_perf.log - (11424 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/23/2019 -- 18:10:07
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2540548         187             187             820810          13585.00        13585.00        0.00           
  content          5615144         456             284             889562          12313.00        10412.00        15453.00       
  pcre             509300          27              7               73614           18862.00        18214.00        19090.00       
  byte_test        702100          80              32              215002          8776.00         7063.00         9917.00        
  isdataat         91214           16              0               7660            5700.00         0.00            5700.00        
  flowbits         174364          24              13              24294           7265.00         7892.00         6523.00        
  urilen           145968          24              11              8254            6082.00         6022.00         6132.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             2540548         187             187             820810          13585.00        13585.00        0.00           
  flowbits         102506          16              5               8552            6406.00         6150.00         6523.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2462626         154             91              889562          15991.00        6416.00         29821.00       
  pcre             183054          11              7               73614           16641.00        18214.00        13888.00       
  byte_test        702100          80              32              215002          8776.00         7063.00         9917.00        
  isdataat         91214           16              0               7660            5700.00         0.00            5700.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         71858           8               8               24294           8982.00         8982.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          539358          64              19              53818           8427.00         11517.00        7122.00        
  pcre             62512           3               0               41136           20837.00        0.00            20837.00       
  urilen           145968          24              11              8254            6082.00         6022.00         6132.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          262644          31              6               27940           8472.00         11457.00        7755.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18270           3               0               7736            6090.00         0.00            6090.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25618           4               0               6742            6404.00         0.00            6404.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          926498          119             100             97508           7785.00         7880.00         7288.00        
  pcre             263734          13              0               58698           20287.00        0.00            20287.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          365448          50              47              9840            7308.00         7346.00         6716.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18606           3               0               8292            6202.00         0.00            6202.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          859196          6               6               828264          143199.00       143199.00       0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          98198           15              11              8272            6546.00         6558.00         6513.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38682           7               4               6008            5526.00         5265.00         5873.00        


IDSDeathBlossom.py.log - (1147 bytes)
2019-10-23 18:09:41,613 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-23 18:09:42,528 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-23 18:09:42,529 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-23 18:09:42,529 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-23 18:09:42,529 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-23 18:09:42,530 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/d64de92300cacbdf37d346ba827f5fe856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10232019.1809-0b491-1.pcap -vvv -k none
2019-10-23 18:10:07,327 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-23 18:10:07,328 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.7260048389