Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.1063690186 seconds
Hash: dc3a62becde112f824b78127ad5e6b3b
Uploaded: 1568968739

Logfiles


unified2.alert.1568968764 - (46692 bytes)

This file has been truncated.


packet_stats.log - (24356 bytes)
Packet profile dump:

IP ver  Proto  cnt      min      max      avg      tot      %% 
------  -----  ----------   ------------  ------------  -----------  -----------  ---
 IPv4    6      998     5827608   587975990   338239381    337.6b  68.15
 IPv4   17      236     4249586   574784418   452759017    106.9b  21.57
 IPv6    6      36    370563888   588636460   504203674     18.2b  3.66
 IPv6   17      40     5437080   559789128   454630294     18.2b  3.67
 IPv6   58      30    369560396   575032544   485855122     14.6b  2.94
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module       IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
TMM_FLOWWORKER       IPv4    6      998      114694    34786990    616351    615.1m  73.62
TMM_FLOWWORKER       IPv4   17      236      260810    18757552    514524    121.4m  14.53
TMM_RECEIVEPCAPFILE     IPv4    6      967       4446    14940256     20655     20.0m  2.39
TMM_RECEIVEPCAPFILE     IPv4   17      236       4472     12778     5155     1.2m  0.15
TMM_DECODEPCAPFILE     IPv4    6      967       4564    20863876     37333     36.1m  4.32
TMM_DECODEPCAPFILE     IPv4   17      236       4564     38432     5266     1.2m  0.15
TMM_FLOWWORKER       IPv6    6      36      117162    1400728    408175     14.7m  1.76
TMM_FLOWWORKER       IPv6   17      40      271956     607830    362648     14.5m  1.74
TMM_FLOWWORKER       IPv6   58      30      116228     204606    150943     4.5m  0.54
TMM_RECEIVEPCAPFILE     IPv6    6      36       4452      8670     4928    177.4k  0.02
TMM_RECEIVEPCAPFILE     IPv6   17      40       4514      6370     5017    200.7k  0.02
TMM_RECEIVEPCAPFILE     IPv6   58      30       4470      7808     4853    145.6k  0.02
TMM_DECODEPCAPFILE     IPv6    6      36       4598      6326     4879    175.6k  0.02
TMM_DECODEPCAPFILE     IPv6   17      40       4652    5608668    145549     5.8m  0.70
TMM_DECODEPCAPFILE     IPv6   58      30       4620     55310     7149    214.5k  0.03

Flow Worker      IP ver  Proto  cnt      min      max      avg      tot      %% 
--------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
flow          IPv4    6      967       4738     39716     5526     5.3m 0.76 
flow          IPv4   17      236       4744     78944     6620     1.6m 0.22 
stream         IPv4    6      998       4854    32711492     53493     53.4m 7.56 
app-layer        IPv4   17      236       4422     88524     11678     2.8m 0.39 
detect         IPv4    6      998      77374    34342090    515262    514.2m 72.78 
detect         IPv4   17      236      232632    1255230    388937     91.8m 12.99 
tcp-prune        IPv4    6      998       4436     828530     6600     6.6m 0.93 
flow          IPv6    6      36       4752     22328     6069    218.5k 0.03 
flow          IPv6   17      40       4780     34546     7155    286.2k 0.04 
flow          IPv6   58      30       4826     26704     7279    218.4k 0.03 
stream         IPv6    6      36       5594     136850     24902    896.5k 0.13 
app-layer        IPv6   17      40       4432     20106     8790    351.6k 0.05 
detect         IPv6    6      36      79254    1294584    327516     11.8m 1.67 
detect         IPv6   17      40      242136     547156    326603     13.1m 1.85 
detect         IPv6   58      30      96220     184480    128738     3.9m 0.55 
tcp-prune        IPv6    6      36       4452      6736     4855    174.8k 0.02 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer       IP ver  Proto  cnt      min      max      avg      tot      %% 
--------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
http          IPv4    6      51       4818     137002     10771    549.3k 24.28 
http          IPv4   17      62       4818     65188     19679     1.2m 53.92 
tls           IPv4    6       7       4586      6174     5407     37.9k 1.67 
dns           IPv4   17      36       5840     29990     10361    373.0k 16.48 
http          IPv6    6       3       5216      8224     6829     20.5k 0.91 
http          IPv6   17      10       4818     11082     6198     62.0k 2.74 
Proto detect      IPv4    6      11       4700     12826     6559     72.2k
Proto detect      IPv4   17      98       4650     42552     7724    757.0k
Proto detect      IPv6   17      14       4660      8504     5697     79.8k

Log Thread Module     IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---

Logger/output stats:

Logger           IP ver  Proto  cnt      min      max      avg      tot      %% 
------------------------  ------  -----  ----------   ------------  ------------  -----------  -----------  ---
LOGGER_ALERT_FAST      IPv4    6       6      29164     201832     74446    446.7k 1.49 
LOGGER_UNIFIED2       IPv4    6       6      43942     202458     94704    568.2k 1.90 
LOGGER_JSON_ALERT      IPv4    6       6      42288     186212     88205    529.2k 1.77 
LOGGER_JSON_DNS       IPv4   17      36      33058    17493432    562082     20.2m 67.60 
LOGGER_JSON_HTTP      IPv4    6      35      42074     230150     88461     3.1m 10.34 
LOGGER_JSON_TLS       IPv4    6       6       4778     67776     26686    160.1k 0.53 
LOGGER_JSON_FILE      IPv4    6      47      52060     204238     89247     4.2m 14.01 
LOGGER_JSON_HTTP      IPv6    6       3      87870     159374    113512    340.5k 1.14 
LOGGER_JSON_FILE      IPv6    6       3      84956     141546    120628    361.9k 1.21 

Prefilter            IP ver  Proto  cnt      min      max      avg      tot     %% 
--------------------       ------  -----  ----------   ------------  ------------  -----------  ---------  ---
payload              IPv4    6      646       4444     601098     42228    27.3m 18.72 
payload              IPv4   17      236       7352     476716     42414    10.0m 6.87 
stream              IPv4    6      646       4416    9781422     85052    54.9m 37.71 
http_uri             IPv4    6      35      10572     77856     28616     1.0m 0.69 
http_request_line         IPv4    6      35       6102     24460     9252    323.8k 0.22 
http_client_body         IPv4    6      35       4720     355338     64900     2.3m 1.56 
http_header (request)       IPv4    6      35      14072     212978     58790     2.1m 1.41 
http_header (request trailer)   IPv4    6      35       4496      9968     4749    166.2k 0.11 
http_header_names (request)    IPv4    6      35       7348     52298     21938    767.8k 0.53 
http_accept (request)       IPv4    6      35       4968     12204     6152    215.3k 0.15 
http_referer (request)      IPv4    6      35       4672      9056     5575    195.2k 0.13 
http_content_len (request)    IPv4    6      35       4766     30284     6836    239.3k 0.16 
http_content_type (request)    IPv4    6      35       4678     37348     7892    276.2k 0.19 
http_protocol (request)      IPv4    6      35       4954      9240     6837    239.3k 0.16 
http_start (request)       IPv4    6      35       7698     35878     14713    515.0k 0.35 
http_raw_header (request)     IPv4    6      35      11170     35976     18256    639.0k 0.44 
http_method            IPv4    6      35       5034     28604     8413    294.5k 0.20 
http_cookie (request)       IPv4    6      35       4790     11040     5593    195.8k 0.13 
http_raw_uri           IPv4    6      35       5336     14634     7391    258.7k 0.18 
http_user_agent          IPv4    6      35       4980     150012     18717    655.1k 0.45 
http_host             IPv4    6      35       5622     16282     8333    291.7k 0.20 
dns_query             IPv4   17      18       4858     27856     10545    189.8k 0.13 
tls_sni              IPv4    6       6       6680     15288     10751    64.5k 0.04 
http_response_line        IPv4    6      32       5298     25184     9659    309.1k 0.21 
http_header (response)      IPv4    6      32      12814     125342     36845     1.2m 0.81 
http_header (response trailer)  IPv4    6      32       4472     50374     7006    224.2k 0.15 
http_content_type (response)   IPv4    6      32       5620     38776     9759    312.3k 0.21 
http_raw_header (response)    IPv4    6      433       5774     102858     9233     4.0m 2.74 
http_cookie (response)      IPv4    6      32       4848     23916     6179    197.8k 0.14 
http_stat_code          IPv4    6      32       4726     21172     6147    196.7k 0.13 
tls_cert_issuer          IPv4    6       6       4508     21756     8206    49.2k 0.03 
tls_cert_subject         IPv4    6       6       4482     16408     8425    50.5k 0.03 
tls_cert_serial          IPv4    6       6       4496      8438     5602    33.6k 0.02 
file_data (http response)     IPv4    6      401       4462    1785418     76013    30.5m 20.92 
Total               IPv4         3226                     43435    140.1m
payload              IPv6    6      24       4504     289606     41360    992.7k 0.68 
payload              IPv6   17      40       7146     142854     35086     1.4m 0.96 
payload              IPv6   58      30       4804     34978     8208    246.3k 0.17 
stream              IPv6    6      24       4434     372766     63656     1.5m 1.05 
http_uri             IPv6    6       3      51106     72674     59528    178.6k 0.12 
http_request_line         IPv6    6       3       7514     11688     9792    29.4k 0.02 
http_client_body         IPv6    6       3       5276      6796     6154    18.5k 0.01 
http_header (request)       IPv6    6       3      66896     110688     92231    276.7k 0.19 
http_header (request trailer)   IPv6    6       3       4536     10638     6578    19.7k 0.01 
http_header_names (request)    IPv6    6       3      27882     84076     47303    141.9k 0.10 
http_accept (request)       IPv6    6       3       8304     10596     9290    27.9k 0.02 
http_referer (request)      IPv6    6       3       5224      6476     5714    17.1k 0.01 
http_content_len (request)    IPv6    6       3       5134      5390     5281    15.8k 0.01 
http_content_type (request)    IPv6    6       3       5006      5398     5201    15.6k 0.01 
http_protocol (request)      IPv6    6       3       7082      7576     7342    22.0k 0.02 
http_start (request)       IPv6    6       3      12344     17606     15214    45.6k 0.03 
http_raw_header (request)     IPv6    6       3      17290     20404     18876    56.6k 0.04 
http_method            IPv6    6       3       8876      9594     9140    27.4k 0.02 
http_cookie (request)       IPv6    6       3       5230      5778     5454    16.4k 0.01 
http_raw_uri           IPv6    6       3       8530      9372     8861    26.6k 0.02 
http_user_agent          IPv6    6       3       8684     30096     16121    48.4k 0.03 
http_host             IPv6    6       3       8756     30168     16334    49.0k 0.03 
http_response_line        IPv6    6       3      10818     13980     12061    36.2k 0.02 
http_header (response)      IPv6    6       3      38886     45674     41437    124.3k 0.09 
http_header (response trailer)  IPv6    6       3       4686      5000     4866    14.6k 0.01 
http_content_type (response)   IPv6    6       3       8946     11132     9946    29.8k 0.02 
http_raw_header (response)    IPv6    6      12       5754     16116     8470    101.6k 0.07 
http_cookie (response)      IPv6    6       3       4924      6970     5615    16.8k 0.01 
http_stat_code          IPv6    6       3       5972      6290     6090    18.3k 0.01 
file_data (http response)     IPv6    6       9  

This file has been truncated.


suricata-report-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt - (17761 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc3a62becde112f824b78127ad5e6b3b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09202019.0838-network.pcap -vvv -k none
elapsedtime:24.016496
stderr:
stdout:
20/9/2019 -- 08:39:01 - <Info> - Configuration node 'rule-files' redefined.
20/9/2019 -- 08:39:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
20/9/2019 -- 08:39:01 - <Info> - CPUs/cores online: 1
20/9/2019 -- 08:39:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33057 and 'request-body-inspect-window' set to 16327 after randomization.
20/9/2019 -- 08:39:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31662 and 'response-body-inspect-window' set to 16239 after randomization.
20/9/2019 -- 08:39:01 - <Config> - DNS request flood protection level: 500
20/9/2019 -- 08:39:01 - <Config> - DNS per flow memcap (state-memcap): 524288
20/9/2019 -- 08:39:01 - <Config> - DNS global memcap: 16777216
20/9/2019 -- 08:39:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
20/9/2019 -- 08:39:01 - <Config> - preallocated 1000 hosts of size 136
20/9/2019 -- 08:39:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
20/9/2019 -- 08:39:01 - <Config> - using magic-file /usr/share/file/magic
20/9/2019 -- 08:39:01 - <Config> - Core dump size is unlimited.
20/9/2019 -- 08:39:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
20/9/2019 -- 08:39:01 - <Config> - preallocated 1000 defrag trackers of size 168
20/9/2019 -- 08:39:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
20/9/2019 -- 08:39:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
20/9/2019 -- 08:39:01 - <Config> - stream "memcap": 33554432
20/9/2019 -- 08:39:01 - <Config> - stream "midstream" session pickups: disabled
20/9/2019 -- 08:39:01 - <Config> - stream "async-oneside": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "checksum-validation": disabled
20/9/2019 -- 08:39:01 - <Config> - stream."inline": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "bypass": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "max-synack-queued": 5
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "memcap": 134217728
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "depth": 0
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "toserver-chunk-size": 2618
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "toclient-chunk-size": 2560
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly.raw: enabled
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "segment-prealloc": 2048
20/9/2019 -- 08:39:01 - <Config> - Delayed detect disabled
20/9/2019 -- 08:39:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
20/9/2019 -- 08:39:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
20/9/2019 -- 08:39:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
20/9/2019 -- 08:39:01 - <Config> - prefilter engines: MPM
20/9/2019 -- 08:39:01 - <Config> - IP reputation disabled
20/9/2019 -- 08:39:01 - <Perf> - Registered 148 keyword profiling counters.
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
20/9/2019 -- 08:39:06 - <Config> - No rules loaded from ET-icmp.rules.
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
20/9/2019 -- 08:39:14 - <Config> - No rules loaded from local.rules.
20/9/2019 -- 08:39:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
20/9/2019 -- 08:39:14 - <Info> - Threshold config parsed: 0 rule(s) found
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tcp-packet
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tcp-stream
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for udp-packet
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for other-ip
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_uri
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_request_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_client_body
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_response_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header_names
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header_names
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept_enc
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept_lang
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_referer
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_connection
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_len
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_len
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_type
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_type
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_start
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_start
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_method
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_cookie
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_cookie
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_uri
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_user_agent
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_host
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_host
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_stat_msg
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_stat_code
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dns_query
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_sni
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_issuer
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_subject
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_serial
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dce_stub_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dce_stub_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_software
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_software
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for file_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for file_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_request_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_response_line
20/9/2019 -- 08:39:15 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
20/9/2019 -- 08:39:15 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
20/9/2019 -- 08:39:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
20/9/2019 -- 08:39:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
20/9/2019 -- 08:39:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
20/9/2019 -- 08:39:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
20/9/2019 -- 08:39:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
20/9/2019 -- 08:39:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
20/9/2019 -- 08:39:21 - <Perf> - Unique rule groups: 104
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "other IP packet": 3
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_header": 10
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_header": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_header_names": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_protocol": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_start": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_method": 5
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_host": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver tls_sni": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver file_data": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient file_data": 7
20/9/2019 -- 08:39:24 - <Perf> - Registered 39590 rule profiling counters.
20/9/2019 -- 08:39:24 - <Info> - fast output device (regular) initialized: alert
20/9/2019 -- 08:39:24 - <Info> - eve-log output device (regular) initialized: eve.json
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'alert'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'http'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'dns'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'tls'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'files'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'ssh'
20/9/2019 -- 08:39:24 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
20/9/2019 -- 08:39:24 - <Info> - stats output device (regular) initialized: stats.log
20/9/2019 -- 08:39:24 - <Config> - AutoFP mode using "Hash" flow load balancer
20/9/2019 -- 08:39:24 - <Info> - reading pcap file /var/pcap/09202019.0838-network.pcap
20/9/2019 -- 08:39:24 - <Config> - using 1 flow manager threads
20/9/2019 -- 08:39:24 - <Config

This file has been truncated. Go here to download in full.


stats.log - (3080 bytes) - download
------------------------------------------------------------------------------------
Date: 9/20/2019 -- 08:39:24 (uptime: 0d, 00h 00m 00s)
------------------------------------------------------------------------------------
Counter                  | TM Name          | Value
------------------------------------------------------------------------------------
decoder.pkts                | Total           | 1390
decoder.bytes               | Total           | 1163279
decoder.ipv4                | Total           | 1203
decoder.ipv6                | Total           | 106
decoder.ethernet              | Total           | 1390
decoder.tcp                | Total           | 1003
decoder.udp                | Total           | 276
decoder.icmpv6               | Total           | 30
decoder.avg_pkt_size            | Total           | 836
decoder.max_pkt_size            | Total           | 1514
flow.tcp                  | Total           | 43
flow.udp                  | Total           | 95
flow.icmpv6                | Total           | 26
tcp.sessions                | Total           | 43
tcp.syn                  | Total           | 43
tcp.synack                 | Total           | 43
tcp.rst                  | Total           | 30
tcp.overlap                | Total           | 6
detect.alert                | Total           | 8
detect.mpm_list              | Total           | 7
detect.nonmpm_list             | Total           | 2
detect.match_list             | Total           | 8
app_layer.flow.http            | Total           | 34
app_layer.tx.http             | Total           | 38
app_layer.flow.tls             | Total           | 2
app_layer.flow.dns_udp           | Total           | 18
app_layer.tx.dns_udp            | Total           | 18
app_layer.flow.failed_udp         | Total           | 77
flow_mgr.new_pruned            | Total           | 2
flow.spare                 | Total           | 10000
flow_mgr.rows_checked           | Total           | 65536
flow_mgr.rows_skipped           | Total           | 65536
tcp.memuse                 | Total           | 573440
tcp.reassembly_memuse           | Total           | 81920
flow.memuse                | Total           | 7078912


suricata-4.0.0-etpro-all-alert-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt - (1673 bytes) - download
09/20/2019-00:03:29.141140 [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:29.141140 [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:29.141140 [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:30.769480 [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:05:26.113323 [**] [1:2404308:4989] ET CNC Feodo Tracker Reported CnC Server group 9 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.30:49316 -> 190.13.146.47:443
09/20/2019-00:05:52.575503 [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.30:49316 -> 190.13.146.47:443
09/20/2019-00:06:28.628327 [**] [1:2404311:4989] ET CNC Feodo Tracker Reported CnC Server group 12 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.30:49320 -> 203.150.19.63:443
09/20/2019-00:06:36.689263 [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.30:49320 -> 203.150.19.63:443


eve.json - (72153 bytes) - download
{"timestamp":"2019-09-20T00:03:26.098638+0000","flow_id":1486888004125006,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.240.30","src_port":49956,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60398,"rrname":"www.brooklynlilly.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.124608+0000","flow_id":1486888004125006,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49956,"proto":"UDP","dns":{"type":"answer","id":60398,"rcode":"NOERROR","rrname":"www.brooklynlilly.com","rrtype":"A","ttl":1799,"rdata":"165.22.12.103"}}
{"timestamp":"2019-09-20T00:03:26.515411+0000","flow_id":1890995034578259,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.240.30","src_port":60625,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57409,"rrname":"blog.internationalfertilityacademy.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.539103+0000","flow_id":1890995034578259,"pcap_cnt":22,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":60625,"proto":"UDP","dns":{"type":"answer","id":57409,"rcode":"NOERROR","rrname":"blog.internationalfertilityacademy.com","rrtype":"A","ttl":3599,"rdata":"88.99.167.17"}}
{"timestamp":"2019-09-20T00:03:26.831668+0000","flow_id":1038553547949170,"pcap_cnt":31,"event_type":"http","src_ip":"192.168.240.30","src_port":49288,"dest_ip":"88.99.167.17","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"blog.internationalfertilityacademy.com","url":"\/wp-content\/plugins\/classic-editor\/jzbNbooyL\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:28.424320+0000","flow_id":1610482130647424,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.240.30","src_port":49767,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54101,"rrname":"marcofama.it","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.870080+0000","flow_id":1610482130647424,"pcap_cnt":33,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49767,"proto":"UDP","dns":{"type":"answer","id":54101,"rcode":"NOERROR","rrname":"marcofama.it","rrtype":"A","ttl":299,"rdata":"5.134.124.81"}}
{"timestamp":"2019-09-20T00:03:28.976033+0000","flow_id":492154251005860,"pcap_cnt":40,"event_type":"http","src_ip":"192.168.240.30","src_port":49289,"dest_ip":"5.134.124.81","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"marcofama.it","url":"\/mail-icons\/lwnei7-dxih50s9p-883209316\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:27.410393+0000","flow_id":1769778172609305,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.240.30","src_port":62699,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6861,"rrname":"www.marcofama.it","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:27.424030+0000","flow_id":1769778172609305,"pcap_cnt":42,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":62699,"proto":"UDP","dns":{"type":"answer","id":6861,"rcode":"NOERROR","rrname":"www.marcofama.it","rrtype":"CNAME","ttl":299,"rdata":"marcofama.it"}}
{"timestamp":"2019-09-20T00:03:27.424030+0000","flow_id":1769778172609305,"pcap_cnt":42,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":62699,"proto":"UDP","dns":{"type":"answer","id":6861,"rcode":"NOERROR","rrname":"marcofama.it","rrtype":"A","ttl":299,"rdata":"5.134.124.81"}}
{"timestamp":"2019-09-20T00:03:28.250345+0000","flow_id":1388690019418470,"pcap_cnt":71,"event_type":"http","src_ip":"192.168.240.30","src_port":49290,"dest_ip":"5.134.124.81","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.marcofama.it","url":"\/mail-icons\/lwnei7-dxih50s9p-883209316\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:28.261246+0000","flow_id":1432256020282494,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.240.30","src_port":57355,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54988,"rrname":"think1.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:28.302010+0000","flow_id":1432256020282494,"pcap_cnt":75,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":57355,"proto":"UDP","dns":{"type":"answer","id":54988,"rcode":"NOERROR","rrname":"think1.com","rrtype":"A","ttl":3599,"rdata":"45.33.37.47"}}
{"timestamp":"2019-09-20T00:03:28.331103+0000","flow_id":1109882217434463,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.240.30","src_port":54235,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5556,"rrname":"drapart.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:28.484375+0000","flow_id":1109882217434463,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":54235,"proto":"UDP","dns":{"type":"answer","id":5556,"rcode":"NOERROR","rrname":"drapart.org","rrtype":"A","ttl":899,"rdata":"134.0.10.197"}}
{"timestamp":"2019-09-20T00:03:28.498321+0000","flow_id":2148798299203666,"pcap_cnt":98,"event_type":"http","src_ip":"192.168.240.30","src_port":49291,"dest_ip":"45.33.37.47","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"think1.com","url":"\/wp-content\/ktTAcbN\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2019-09-20T00:03:30.769480+0000","flow_id":1500687734211788,"pcap_cnt":363,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-09-20T00:03:31.215018+0000","flow_id":1500687734211788,"pcap_cnt":463,"event_type":"http","src_ip":"192.168.240.30","src_port":49294,"dest_ip":"134.0.10.197","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"drapart.org","url":"\/Prensa\/k0viv68-5v5-2137\/","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-09-20T00:04:06.110185+0000","flow_id":1926331880542999,"pcap_cnt":487,"event_type":"http","src_ip":"fe80:0000:0000:0000:3884:a01c:b918:bb37","src_port":49295,"dest_ip":"fe80:0000:0000:0000:201f:4af1:c8da:cb95","dest_port":2869,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::201f:4af1:c8da:cb95]","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml"}}
{"timestamp":"2019-09-20T00:04:16.379476+0000","flow_id":1566956935234447,"pcap_cnt":511,"event_type":"http","src_ip":"192.168.240.30","src_port":49296,"dest_ip":"192.168.240.87","dest_port":2869,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.87","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml"}}
{"timestamp":"2019-09-20T00:04:22.628493+0000","flow_id":474029492698983,"pcap_cnt":532,"event_type":"fileinfo","src_ip":"192.168.240.30","src_port":49297,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:22.628722+0000","flow_id":474029492698983,"pcap_cnt":534,"event_type":"http","src_ip":"192.168.240.30","src_port":49297,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-20T00:04:22.681127+0000","flow_id":474029492698983,"pcap_cnt":536,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.30","dest_port":49297,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.599441+0000","flow_id":1566956935234447,"pcap_cnt":604,"event_type":"fileinfo","src_ip":"192.168.240.87","src_port":2869,"dest_ip":"192.168.240.30","dest_port":49296,"proto":"TCP","http":{"hostname":"192.168.240.87","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5677},"app_proto":"http","fileinfo":{"filename":"\/upnphost\/udhisapi.dll","gaps":false,"state":"CLOSED","stored":false,"size":5677,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.668916+0000","flow_id":1909055375943270,"pcap_cnt":613,"event_type":"fileinfo","src_ip":"192.168.240.30","src_port":49298,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.669464+0000","flow_id":1909055375943270,"pcap_cnt":615,"event_type":"http","src_ip":"192.168.240.30","src_port":49298,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-20T00:04:26.671372+0000","flow_id":1909055375943270,"pcap_cnt":617,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.30","dest_port":49298,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.438296+0000","flow_id":1156237804154904,"pcap_cnt":622,"event_type":"dns","src_ip":"192.168.240.30","src_port":49656,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56954,"rrname":"settings-win.data.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.450552+0000","flow_id":1156237804154904,"pcap_cnt":623,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49656,"proto":"UDP","dns":{"type":"answer","id":56954,"rcode":"NOERROR","rrname":"settings-win.data.microsoft.com","rrtype":"CNAME","ttl":342,"rdata":"settingsfd-geo.trafficmanager.net"}}
{"timestamp":"2019-09-20T00:04:39.450552+0000","flow_id":1156237804154904,"pcap_cnt":623,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49656,"proto":"UDP","dns":{"type":"answer","id":56954,"rcode":"NOERROR","rrname":"settingsfd-geo.trafficmanager.net","rrtype":"A","ttl":29,"rdata":"51.143.106.177"}}
{"timestamp":"2019-09-20T00:04:39.500271+0000","flow_id":2090365273761495,"pcap_cnt":631,"event_type":"tls","src_ip":"192.168.240.30","src_port":49299,"dest_ip":"51.143.106.177","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=settings-win.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011"}}
{"timestamp":"2019-09-20T00:04:39.426242+0000","flow_id":1589030921142530,"pcap_cnt":634,"event_type":"dns","src_ip":"192.168.240.30","src_port":55251,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18305,"rrname":"ctldl.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"ctldl.windowsupdate.com","rrtype":"CNAME","ttl":541,"rdata":"audownload.windowsupdate.nsatc.net"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"audownload.windowsupdate.nsatc.net","rrtype":"CNAME","ttl":283,"rdata":"auto.au.download.windowsupdate.com.c.footprint.net"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.195.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.189.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"8.253.112.121"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.187.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"8.249.119.254"}}
{"timestamp":"2019-09-20T00:04:39.659949+0000","flow_id":1084142483114432,"pcap_c

This file has been truncated. Go here to download in full.


suricata-4.0.0-etpro-all-perf.txt-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt - (74966 bytes) - download
 --------------------------------------------------------------------------
 Date: 9/20/2019 -- 08:39:24. Sorted by: max ticks.
 --------------------------------------------------------------------------
  Num   Rule     Gid   Rev   Ticks    %   Checks  Matches Max Ticks  Avg Ticks  Avg Match  Avg No Match
 -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
 1    2017552   1    6    37016602   16.31 159   0    32561542  232808.82  0.00    232808.82 
 2    2014704   1    7    12990190   5.73  25    0    12370452  519607.60  0.00    519607.60 
 3    2803027   1    6    13490292   5.95  18    0    10011798  749460.67  0.00    749460.67 
 4    2815453   1    4    3680178   1.62  3    0    1940284   1226726.00 0.00    1226726.00 
 5    2008575   1    5    4586666   2.02  291   0    863986   15761.74  0.00    15761.74  
 6    2018342   1    2    1039832   0.46  3    0    548494   346610.67  0.00    346610.67 
 7    2801929   1    7    2729008   1.20  13    0    472278   209923.69  0.00    209923.69 
 8    2001330   1    8    2468848   1.09  406   0    438926   6080.91   0.00    6080.91  
 9    2828748   1    2    1028034   0.45  120   0    428220   8566.95   0.00    8566.95  
 10    2801930   1    7    2438450   1.07  13    0    406952   187573.08  0.00    187573.08 
 11    2802987   1    5    4138982   1.82  27    0    405238   153295.63  0.00    153295.63 
 12    2820157   1    2    1413714   0.62  6    0    319332   235619.00  0.00    235619.00 
 13    2820158   1    2    1410038   0.62  6    0    315442   235006.33  0.00    235006.33 
 14    2804911   1    3    736714    0.32  5    0    304014   147342.80  0.00    147342.80 
 15    2811745   1    4    595008    0.26  3    0    302642   198336.00  0.00    198336.00 
 16    2819930   1    2    1334584   0.59  7    0    281884   190654.86  0.00    190654.86 
 17    2819664   1    2    1404930   0.62  7    0    269538   200704.29  0.00    200704.29 
 18    2804927   1    2    864538    0.38  5    0    254840   172907.60  0.00    172907.60 
 19    2021749   1    6    444254    0.20  2    0    248832   222127.00  0.00    222127.00 
 20    2016855   1    2    246250    0.11  1    0    246250   246250.00  0.00    246250.00 
 21    2020865   1    3    232108    0.10  1    0    232108   232108.00  0.00    232108.00 
 22    2814978   1    2    423310    0.19  10    0    217180   42331.00  0.00    42331.00  
 23    2804907   1    3    670512    0.30  7    0    215328   95787.43  0.00    95787.43  
 24    2822213   1    2    397706    0.18  10    0    207992   39770.60  0.00    39770.60  
 25    2021529   1    3    315836    0.14  2    0    206612   157918.00  0.00    157918.00 
 26    2016854   1    3    204504    0.09  1    0    204504   204504.00  0.00    204504.00 
 27    2814979   1    2    371730    0.16  10    0    193466   37173.00  0.00    37173.00  
 28    2804906   1    3    359048    0.16  4    0    191230   89762.00  0.00    89762.00  
 29    2803657   1    5    505672    0.22  4    0    183704   126418.00  0.00    126418.00 
 30    2023679   1    3    289064    0.13  5    0    179296   57812.80  0.00    57812.80  
 31    2020569   1    1    446938    0.20  4    0    176614   111734.50  0.00    111734.50 
 32    2807400   1    3    421154    0.19  4    0    161634   105288.50  0.00    105288.50 
 33    2802991   1    5    639330    0.28  6    0    156220   106555.00  0.00    106555.00 
 34    2816909   1    2    505532    0.22  4    0    155094   126383.00  0.00    126383.00 
 35    2827094   1    2    253088    0.11  2    0    154370   126544.00  0.00    126544.00 
 36    2018005   1    6    308990    0.14  10    0    149238   30899.00  0.00    30899.00  
 37    2808234   1    1    386544    0.17  4    0    145950   96636.00  0.00    96636.00  
 38    2805985   1    2    413498    0.18  4    0    145828   103374.50  0.00    103374.50 
 39    2018982   1    2    416600    0.18  4    0    145460   104150.00  0.00    104150.00 
 40    2022050   1    3    398278    0.18  4    0    145266   99569.50  0.00    99569.50  
 41    2821082   1    2    231186    0.10  2    0    142458   115593.00  0.00    115593.00 
 42    2816165   1    5    1911744   0.84  38    0    138616   50309.05  0.00    50309.05  
 43    2012970   1    2    137348    0.06  1    0    137348   137348.00  0.00    137348.00 
 44    2019230   1    2    584520    0.26  30    0    134514   19484.00  0.00    19484.00  
 45    2816356   1    2    745254    0.33  12    0    133634   62104.50  0.00    62104.50  
 46    2011894   1    19    324642    0.14  4    0    131804   81160.50  0.00    81160.50  
 47    2816910   1    2    442150    0.19  4    0    131424   110537.50  0.00    110537.50 
 48    2023711   1    2    147842    0.07  5    0    127794   29568.40  0.00    29568.40  
 49    2023083   1    2    344128    0.15  5    0    126382   68825.60  0.00    68825.60  
 50    2102523   1    8    419534    0.18  60    0    125596   6992.23   0.00    6992.23  
 51    2809850   1    2    263962    0.12  4    0    122232   65990.50  0.00    65990.50  
 52    2820600   1    2    222034    0.10  2    0    121904   111017.00  0.00    111017.00 
 53    2016333   1    4    290584    0.13  3    0    120316   96861.33  0.00    96861.33  
 54    2816895   1    2    371736    0.16  7    0    119874   53105.14  0.00    53105.14  
 55    2802880   1    3    409536    0.18  5    0    119636   81907.20  0.00    81907.20  
 56    2820851   1    5    290410    0.13  4    0    117250   72602.50  0.00    72602.50  
 57    2816922   1    5    275526    0.12  4    0    116564   68881.50  0.00    68881.50  
 58    2016537   1    2    3499878   1.54  126   5    115448   27776.81  107092.40  24499.31  
 59    2023818   1    2    196526    0.09  2    2    114864   98263.00  98263.00  0.00    
 60    2015744   1    4    117942    0.05  2    1    113314   58971.00  113314.00  4628.00  
 61    2018241   1    2    145498    0.06  5    0    111546   29099.60  0.00    29099.60  
 62    2018375   1    3    431664    0.19  15    0    110978   28777.60  0.00    28777.60  
 63    2025142   1    2    958300    0.42  12    0    110928   79858.33  0.00    79858.33  
 64    2826727   1    2    302856    0.13  3    0    110428   100952.00  0.00    100952.00 
 65    2826256   1    2    1583872   0.70  38    0    110398   41680.84  0.00    41680.84  
 66    2830035   1    2    351502    0.15  5    0    110014   70300.40  0.00    70300.40  
 67    2809267   1    8    302828    0.13  5    0    109796   60565.60  0.00    60565.60  
 68    2811447   1    2    1613768   0.71  55    0    108888   29341.24  0.00    29341.24  
 69    2821561   1    2    1098786   0.48  21    0    107814   52323.14  0.00    52323.14  
 70    2816526   1    13    280354    0.12  4    0    106418   70088.50  0.00    70088.50  
 71    2815254   1    7    609280    0.27  8    0    106036   76160.00  0.00    76160.00  
 72    2024138   1    2    105510    0.05  1    0    105510   105510.00  0.00    105510.00 
 73    2821615   1    2    1370588   0.60  26    0    105278   52714.92  0.00    52714.92  
 74    2009909   1    10    331210    0.15  4    0    103710   82802.50  0.00    82802.50  
 75    2003068   1    7    199190    0.09  17    0    103056   11717.06  0.00    11717.06  
 76    2021067   1    2    868118    0.38  16    0    102516   54257.38  0.00    54257.38  
 77    2816940   1    2    371988    0.16  4    0    102024   92997.00  0.00    92997.00  
 78    2017166   1    4    230324    0.10  3    0    101660   76774.67  0.00    76774.67  
 79    2830124   1    1    423956    0.19  5    0    100110   84791.20  0.00    84791.20  
 80    2009028   1    11    119904    0.05  5    0    99668    23980.80  0.00    23980.80  
 81    2014701   1    12    869476    0.38  36    0    98288    24152.11  0.00    24152.11  
 82    2816669   1    4    1012448   0.45  21    0    98112    48211.81  0.00    48211.81  
 83    2022053   1    2    191438    0.08  5    0    97256    38287.60  0.00    38287.60  
 84    2013441   1    9    327926    0.14  4    0    96816    81981.50  0.00    81981.50  
 85    2815659   1    3    185180    0.08  2    2    96378    92590.00  92590.00  0.00    
 86    2816327   1    4    264002    0.12  4    0    94972    66000.50  0.00    66000.50  
 87    2017613   1    9    285370    0.13  4    0    94464    71342.50  0.00    71342.50  
 88    2823144   1    2    92784    0.04  1    0    92784    92784.00  0.00    92784.00  
 89    2828986   1    2    369004    0.16  16    0    91580    23062.75  0.00    23062.75  
 90    2018959   1    3    114896    0.05  5    1    91346    22979.20  91346.00  5887.50  
 91    2815817   1    5    257030    0.11  4    0    91308    64257.50  0.00    64257.50  
 92    2013352   1    4    112356    0.05  5    0    90672    22471.20  0.00    22471.20  
 93    2811399   1    2    272732    0.12  7    0    90020    38961.71  0.00    38961.71  
 94    2022207   1    4    268782    0.12  4    0    89852    67195.50  0.00    67195.50  
 95    2014353   1    6    109444    0.05  5    0    89402    21888.80  0.00    21888.80  
 96    2815481   1    6    708954    0.31  12    0    89324    59079.50  0.00    59079.50  
 97    2828122   1    2    286042    0.13  4    0    89132    71510.50  0.00    71510.50  
 98    2803348   1    4    88940    0.04  1    0    88940    88940.00  0.00    88940.00  
 99    2018358   1    7    292010    0.13  4    0    88630    73002.50  0.00    73002.50  
 100   2823159   1    2    88094    0.04  1    0    88094    88094.00  0.00    88094.00  
 101   2021070   1    2    87918    0.04  1    0    87918    87918.00  0.00    87918.00  
 102   2821014   1    13    87526    0.04  1    0    87526    87526.00  0.00    87526.00  
 103   2816929   1    4    297194    0.13  4    0    87474    74298.50  0.00    74298.50  
 104   2025064   1    5    293430    0.13  4    0    87222    73357.50  0.00    73357.50  
 105   2018452   1    15    275354    0.12  4    0    86874    68838.50  0.00    68838.50  
 106   2018457   1    1    165202    0.07  4    0    86858    41300.50  0.00    41300.50  
 107   2815664   1    3    167448    0.07  2    0    86806    83724.00  0.00    83724.00  
 108   2826281   1    2    545970    0.24  18    0    86592    30331.67  0.00    30331.67  
 109   2819680   1    2    168394    0.07  2    0    86506    84197.00  0.00    84197.00  
 110   2009897   1    14    281534    0.12  4    0    84782    70383.50  0.00    70383.50  
 111   2024133   1    2    84102    0.04  1    0    84102    84102.00  0.00    84102.00  
 112   2021038   1    4    240326    0.11  4    0    83590    60081.50  0.00    60081.50  
 113   2804508   1    2    81958    0.04  1    0    81958    81958.00  0.00    81958.00  
 114   2815754   1    2    723560    0.32  12    0    81658    60296.67  0.00    60296.67  
 115   2018789   1    3    433024    0.19  10    0    80790    43302.40  0.00    43302.40  
 116   2802876   1    3    256764    0.11  4    0    80144    64191.00  0.00    64191.00  
 117   2802881   1    3    159360    0.07  2    0    80042    79680.00  0.00    79680.00  
 118   2816928   1    3    247718    0.11  4    0    79676    61929.50  0.00    61929.50  
 119   2024767   1    2    235902    0.10  4    0    79214    58975.50  0.00    58975.50  
 120   2828060   1    4    311686    0.14  6    0    78246    51947.67  0.00    51947.67  
 121   2830036   1    1    975008    0.43  29    0    77410    33620.97  0.00    33620.97  
 122   2019881   1    3    229066    0.10  4    0    77096    57266.50  0.00    57266.50  
 123   2023875   1    2    267544    0.12  4    0    76308    66886.00  0.00    66886.00  
 124   2816525   1    10    247224    0.11  4    0    76176    61806.00  0.00    61806.00  
 125   2819857   1    1    2

This file has been truncated.


keyword_perf.log - (16020 bytes)
 --------------------------------------------------------------------------------------------------------------------------------
 Date: 9/20/2019 -- 08:39:24
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: total
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flow       10512098    1783      1783      35380      5895.00     5895.00     0.00      
 threshold    35112      2        2        25496      17556.00    17556.00    0.00      
 content     65191336    2785      1230      32523010    23408.00    12133.00    32325.00    
 pcre       3324300     407       34       78294      8167.00     13528.00    7679.00    
 byte_test    2275998     411       135       121498     5537.00     5840.00     5389.00    
 byte_jump    156436     29       14       15652      5394.00     5892.00     4929.00    
 isdataat     90826      18       0        6616      5045.00     0.00      5045.00    
 flowbits     2419052     434       55       135474     5573.00     5681.00     5558.00    
 urilen      1063648     181       70       30310      5876.00     6085.00     5744.00    
 byte_extract   44292      4        4        30120      11073.00    11073.00    0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flow       10512098    1783      1783      35380      5895.00     5895.00     0.00      
 flowbits     2309248     420       41       135474     5498.00     4942.00     5558.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: packet/stream payload
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     16348584    997       375       218220     16397.00    21308.00    13437.00    
 pcre       422572     41       4        78294      10306.00    27532.00    8444.00    
 byte_test    2275998     411       135       121498     5537.00     5840.00     5389.00    
 byte_jump    113486     21       6        15652      5404.00     6590.00     4929.00    
 isdataat     90826      18       0        6616      5045.00     0.00      5045.00    
 byte_extract   44292      4        4        30120      11073.00    11073.00    0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: post-match
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 flowbits     109804     14       14       12652      7843.00     7843.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: threshold
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 threshold    35112      2        2        25496      17556.00    17556.00    0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_uri
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     33946638    228       67       32523010    148888.00    6182.00     208275.00   
 pcre       623782     52       2        61048      11995.00    10676.00    12048.00    
 urilen      1063648     181       70       30310      5876.00     6085.00     5744.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_client_body
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     963506     128       24       39832      7527.00     11510.00    6608.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_response_line
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     143146     28       0        6238      5112.00     0.00      5112.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: file_data
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     6235086     202       58       286626     30866.00    29205.00    31535.00    
 pcre       1288738     227       0        68312      5677.00     0.00      5677.00    
 byte_jump    42950      8        8        7122      5368.00     5368.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_header
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     5316354     835       516       31410      6366.00     6494.00     6160.00    
 pcre       890102     78       20       39676      11411.00    12649.00    10984.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_header_names
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     981642     166       74       26518      5913.00     6036.00     5814.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_connection
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     76396      12       0        20154      6366.00     0.00      6366.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_content_type
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     101380     14       14       28008      7241.00     7241.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_raw_header
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     7396      1        0        7396      7396.00     0.00      7396.00    
 pcre       23612      1        0        23612      23612.00    0.00      23612.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_method
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     202348     34       23       11726      5951.00     5570.00     6748.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_user_agent
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     769772     124       72       23280      6207.00     6751.00     5455.00    
 pcre       75494      8        8        19536      9436.00     9436.00     0.00      
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_stat_msg
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     5190      1        0        5190      5190.00     0.00      5190.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: http_stat_code
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     67880      13       7        6508      5221.00     5140.00     5316.00    
 --------------------------------------------------------------------------------------------------------------------------------
 Stats for: tls_cert_subject
 --------------------------------------------------------------------------------------------------------------------------------
 Keyword     Ticks      Checks     Matches     Max Ticks    Avg       Avg Match    Avg No Match  
 ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
 content     26018      2        0        20914      13009.00    0.00      13009.00    


IDSDeathBlossom.py.log - (1147 bytes)
2019-09-20 08:39:00,146 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-20 08:39:00,993 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-20 08:39:00,993 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-20 08:39:00,993 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-20 08:39:00,993 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-20 08:39:00,994 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc3a62becde112f824b78127ad5e6b3b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09202019.0838-network.pcap -vvv -k none
2019-09-20 08:39:25,013 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-20 08:39:25,013 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.8765320778