Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.1063690186 seconds
Hash: dc3a62becde112f824b78127ad5e6b3b
Uploaded: 1568968739

Logfiles


unified2.alert.1568968764 (46692 bytes)


packet_stats.log (24356 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           998          5827608      587975990     338239381        337.6b   68.15
 IPv4      17           236          4249586      574784418     452759017        106.9b   21.57
 IPv6       6            36        370563888      588636460     504203674         18.2b    3.66
 IPv6      17            40          5437080      559789128     454630294         18.2b    3.67
 IPv6      58            30        369560396      575032544     485855122         14.6b    2.94
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           998           114694       34786990        616351        615.1m   73.62
TMM_FLOWWORKER              IPv4      17           236           260810       18757552        514524        121.4m   14.53
TMM_RECEIVEPCAPFILE         IPv4       6           967             4446       14940256         20655         20.0m    2.39
TMM_RECEIVEPCAPFILE         IPv4      17           236             4472          12778          5155          1.2m    0.15
TMM_DECODEPCAPFILE          IPv4       6           967             4564       20863876         37333         36.1m    4.32
TMM_DECODEPCAPFILE          IPv4      17           236             4564          38432          5266          1.2m    0.15
TMM_FLOWWORKER              IPv6       6            36           117162        1400728        408175         14.7m    1.76
TMM_FLOWWORKER              IPv6      17            40           271956         607830        362648         14.5m    1.74
TMM_FLOWWORKER              IPv6      58            30           116228         204606        150943          4.5m    0.54
TMM_RECEIVEPCAPFILE         IPv6       6            36             4452           8670          4928        177.4k    0.02
TMM_RECEIVEPCAPFILE         IPv6      17            40             4514           6370          5017        200.7k    0.02
TMM_RECEIVEPCAPFILE         IPv6      58            30             4470           7808          4853        145.6k    0.02
TMM_DECODEPCAPFILE          IPv6       6            36             4598           6326          4879        175.6k    0.02
TMM_DECODEPCAPFILE          IPv6      17            40             4652        5608668        145549          5.8m    0.70
TMM_DECODEPCAPFILE          IPv6      58            30             4620          55310          7149        214.5k    0.03

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           967             4738          39716          5526          5.3m  0.76  
flow                    IPv4      17           236             4744          78944          6620          1.6m  0.22  
stream                  IPv4       6           998             4854       32711492         53493         53.4m  7.56  
app-layer               IPv4      17           236             4422          88524         11678          2.8m  0.39  
detect                  IPv4       6           998            77374       34342090        515262        514.2m  72.78 
detect                  IPv4      17           236           232632        1255230        388937         91.8m  12.99 
tcp-prune               IPv4       6           998             4436         828530          6600          6.6m  0.93  
flow                    IPv6       6            36             4752          22328          6069        218.5k  0.03  
flow                    IPv6      17            40             4780          34546          7155        286.2k  0.04  
flow                    IPv6      58            30             4826          26704          7279        218.4k  0.03  
stream                  IPv6       6            36             5594         136850         24902        896.5k  0.13  
app-layer               IPv6      17            40             4432          20106          8790        351.6k  0.05  
detect                  IPv6       6            36            79254        1294584        327516         11.8m  1.67  
detect                  IPv6      17            40           242136         547156        326603         13.1m  1.85  
detect                  IPv6      58            30            96220         184480        128738          3.9m  0.55  
tcp-prune               IPv6       6            36             4452           6736          4855        174.8k  0.02  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            51             4818         137002         10771        549.3k  24.28 
http                    IPv4      17            62             4818          65188         19679          1.2m  53.92 
tls                     IPv4       6             7             4586           6174          5407         37.9k  1.67  
dns                     IPv4      17            36             5840          29990         10361        373.0k  16.48 
http                    IPv6       6             3             5216           8224          6829         20.5k  0.91  
http                    IPv6      17            10             4818          11082          6198         62.0k  2.74  
Proto detect            IPv4       6            11             4700          12826          6559         72.2k
Proto detect            IPv4      17            98             4650          42552          7724        757.0k
Proto detect            IPv6      17            14             4660           8504          5697         79.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             6            29164         201832         74446        446.7k  1.49  
LOGGER_UNIFIED2             IPv4       6             6            43942         202458         94704        568.2k  1.90  
LOGGER_JSON_ALERT           IPv4       6             6            42288         186212         88205        529.2k  1.77  
LOGGER_JSON_DNS             IPv4      17            36            33058       17493432        562082         20.2m  67.60 
LOGGER_JSON_HTTP            IPv4       6            35            42074         230150         88461          3.1m  10.34 
LOGGER_JSON_TLS             IPv4       6             6             4778          67776         26686        160.1k  0.53  
LOGGER_JSON_FILE            IPv4       6            47            52060         204238         89247          4.2m  14.01 
LOGGER_JSON_HTTP            IPv6       6             3            87870         159374        113512        340.5k  1.14  
LOGGER_JSON_FILE            IPv6       6             3            84956         141546        120628        361.9k  1.21  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           646             4444         601098         42228        27.3m  18.72 
payload                           IPv4      17           236             7352         476716         42414        10.0m  6.87  
stream                            IPv4       6           646             4416        9781422         85052        54.9m  37.71 
http_uri                          IPv4       6            35            10572          77856         28616         1.0m  0.69  
http_request_line                 IPv4       6            35             6102          24460          9252       323.8k  0.22  
http_client_body                  IPv4       6            35             4720         355338         64900         2.3m  1.56  
http_header (request)             IPv4       6            35            14072         212978         58790         2.1m  1.41  
http_header (request trailer)     IPv4       6            35             4496           9968          4749       166.2k  0.11  
http_header_names (request)       IPv4       6            35             7348          52298         21938       767.8k  0.53  
http_accept (request)             IPv4       6            35             4968          12204          6152       215.3k  0.15  
http_referer (request)            IPv4       6            35             4672           9056          5575       195.2k  0.13  
http_content_len (request)        IPv4       6            35             4766          30284          6836       239.3k  0.16  
http_content_type (request)       IPv4       6            35             4678          37348          7892       276.2k  0.19  
http_protocol (request)           IPv4       6            35             4954           9240          6837       239.3k  0.16  
http_start (request)              IPv4       6            35             7698          35878         14713       515.0k  0.35  
http_raw_header (request)         IPv4       6            35            11170          35976         18256       639.0k  0.44  
http_method                       IPv4       6            35             5034          28604          8413       294.5k  0.20  
http_cookie (request)             IPv4       6            35             4790          11040          5593       195.8k  0.13  
http_raw_uri                      IPv4       6            35             5336          14634          7391       258.7k  0.18  
http_user_agent                   IPv4       6            35             4980         150012         18717       655.1k  0.45  
http_host                         IPv4       6            35             5622          16282          8333       291.7k  0.20  
dns_query                         IPv4      17            18             4858          27856         10545       189.8k  0.13  
tls_sni                           IPv4       6             6             6680          15288         10751        64.5k  0.04  
http_response_line                IPv4       6            32             5298          25184          9659       309.1k  0.21  
http_header (response)            IPv4       6            32            12814         125342         36845         1.2m  0.81  
http_header (response trailer)    IPv4       6            32             4472          50374          7006       224.2k  0.15  
http_content_type (response)      IPv4       6            32             5620          38776          9759       312.3k  0.21  
http_raw_header (response)        IPv4       6           433             5774         102858          9233         4.0m  2.74  
http_cookie (response)            IPv4       6            32             4848          23916          6179       197.8k  0.14  
http_stat_code                    IPv4       6            32             4726          21172          6147       196.7k  0.13  
tls_cert_issuer                   IPv4       6             6             4508          21756          8206        49.2k  0.03  
tls_cert_subject                  IPv4       6             6             4482          16408          8425        50.5k  0.03  
tls_cert_serial                   IPv4       6             6             4496           8438          5602        33.6k  0.02  
file_data (http response)         IPv4       6           401             4462        1785418         76013        30.5m  20.92 
Total                             IPv4                  3226                                         43435       140.1m
payload                           IPv6       6            24             4504         289606         41360       992.7k  0.68  
payload                           IPv6      17            40             7146         142854         35086         1.4m  0.96  
payload                           IPv6      58            30             4804          34978          8208       246.3k  0.17  
stream                            IPv6       6            24             4434         372766         63656         1.5m  1.05  
http_uri                          IPv6       6             3            51106          72674         59528       178.6k  0.12  
http_request_line                 IPv6       6             3             7514          11688          9792        29.4k  0.02  
http_client_body                  IPv6       6             3             5276           6796          6154        18.5k  0.01  
http_header (request)             IPv6       6             3            66896         110688         92231       276.7k  0.19  
http_header (request trailer)     IPv6       6             3             4536          10638          6578        19.7k  0.01  
http_header_names (request)       IPv6       6             3            27882          84076         47303       141.9k  0.10  
http_accept (request)             IPv6       6             3             8304          10596          9290        27.9k  0.02  
http_referer (request)            IPv6       6             3             5224           6476          5714        17.1k  0.01  
http_content_len (request)        IPv6       6             3             5134           5390          5281        15.8k  0.01  
http_content_type (request)       IPv6       6             3             5006           5398          5201        15.6k  0.01  
http_protocol (request)           IPv6       6             3             7082           7576          7342        22.0k  0.02  
http_start (request)              IPv6       6             3            12344          17606         15214        45.6k  0.03  
http_raw_header (request)         IPv6       6             3            17290          20404         18876        56.6k  0.04  
http_method                       IPv6       6             3             8876           9594          9140        27.4k  0.02  
http_cookie (request)             IPv6       6             3             5230           5778          5454        16.4k  0.01  
http_raw_uri                      IPv6       6             3             8530           9372          8861        26.6k  0.02  
http_user_agent                   IPv6       6             3             8684          30096         16121        48.4k  0.03  
http_host                         IPv6       6             3             8756          30168         16334        49.0k  0.03  
http_response_line                IPv6       6             3            10818          13980         12061        36.2k  0.02  
http_header (response)            IPv6       6             3            38886          45674         41437       124.3k  0.09  
http_header (response trailer)    IPv6       6             3             4686           5000          4866        14.6k  0.01  
http_content_type (response)      IPv6       6             3             8946          11132          9946        29.8k  0.02  
http_raw_header (response)        IPv6       6            12             5754          16116          8470       101.6k  0.07  
http_cookie (response)            IPv6       6             3             4924           6970          5615        16.8k  0.01  
http_stat_code                    IPv6       6             3             5972           6290          6090        18.3k  0.01  
file_data (http response)         IPv6       6             9   

This file has been truncated.


suricata-report-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt (17761 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc3a62becde112f824b78127ad5e6b3b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09202019.0838-network.pcap -vvv -k none
elapsedtime:24.016496
stderr:
stdout:
20/9/2019 -- 08:39:01 - <Info> - Configuration node 'rule-files' redefined.
20/9/2019 -- 08:39:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
20/9/2019 -- 08:39:01 - <Info> - CPUs/cores online: 1
20/9/2019 -- 08:39:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33057 and 'request-body-inspect-window' set to 16327 after randomization.
20/9/2019 -- 08:39:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31662 and 'response-body-inspect-window' set to 16239 after randomization.
20/9/2019 -- 08:39:01 - <Config> - DNS request flood protection level: 500
20/9/2019 -- 08:39:01 - <Config> - DNS per flow memcap (state-memcap): 524288
20/9/2019 -- 08:39:01 - <Config> - DNS global memcap: 16777216
20/9/2019 -- 08:39:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
20/9/2019 -- 08:39:01 - <Config> - preallocated 1000 hosts of size 136
20/9/2019 -- 08:39:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
20/9/2019 -- 08:39:01 - <Config> - using magic-file /usr/share/file/magic
20/9/2019 -- 08:39:01 - <Config> - Core dump size is unlimited.
20/9/2019 -- 08:39:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
20/9/2019 -- 08:39:01 - <Config> - preallocated 1000 defrag trackers of size 168
20/9/2019 -- 08:39:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
20/9/2019 -- 08:39:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
20/9/2019 -- 08:39:01 - <Config> - stream "memcap": 33554432
20/9/2019 -- 08:39:01 - <Config> - stream "midstream" session pickups: disabled
20/9/2019 -- 08:39:01 - <Config> - stream "async-oneside": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "checksum-validation": disabled
20/9/2019 -- 08:39:01 - <Config> - stream."inline": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "bypass": disabled
20/9/2019 -- 08:39:01 - <Config> - stream "max-synack-queued": 5
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "memcap": 134217728
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "depth": 0
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "toserver-chunk-size": 2618
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "toclient-chunk-size": 2560
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly.raw: enabled
20/9/2019 -- 08:39:01 - <Config> - stream.reassembly "segment-prealloc": 2048
20/9/2019 -- 08:39:01 - <Config> - Delayed detect disabled
20/9/2019 -- 08:39:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
20/9/2019 -- 08:39:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
20/9/2019 -- 08:39:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
20/9/2019 -- 08:39:01 - <Config> - prefilter engines: MPM
20/9/2019 -- 08:39:01 - <Config> - IP reputation disabled
20/9/2019 -- 08:39:01 - <Perf> - Registered 148 keyword profiling counters.
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
20/9/2019 -- 08:39:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
20/9/2019 -- 08:39:06 - <Config> - No rules loaded from ET-icmp.rules.
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
20/9/2019 -- 08:39:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
20/9/2019 -- 08:39:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
20/9/2019 -- 08:39:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
20/9/2019 -- 08:39:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
20/9/2019 -- 08:39:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
20/9/2019 -- 08:39:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
20/9/2019 -- 08:39:14 - <Config> - No rules loaded from local.rules.
20/9/2019 -- 08:39:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
20/9/2019 -- 08:39:14 - <Info> - Threshold config parsed: 0 rule(s) found
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tcp-packet
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tcp-stream
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for udp-packet
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for other-ip
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_uri
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_request_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_client_body
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_response_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header_names
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_header_names
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept_enc
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_accept_lang
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_referer
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_connection
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_len
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_len
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_type
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_content_type
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_start
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_start
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_header
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_method
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_cookie
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_cookie
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_uri
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_user_agent
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_host
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_raw_host
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_stat_msg
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_stat_code
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dns_query
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_sni
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_issuer
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_subject
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for tls_cert_serial
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dce_stub_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for dce_stub_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_protocol
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_software
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for ssh_software
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for file_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for file_data
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_request_line
20/9/2019 -- 08:39:15 - <Perf> - using shared mpm ctx' for http_response_line
20/9/2019 -- 08:39:15 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
20/9/2019 -- 08:39:15 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
20/9/2019 -- 08:39:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
20/9/2019 -- 08:39:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
20/9/2019 -- 08:39:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
20/9/2019 -- 08:39:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
20/9/2019 -- 08:39:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
20/9/2019 -- 08:39:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
20/9/2019 -- 08:39:21 - <Perf> - Unique rule groups: 104
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver TCP packet": 35
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient TCP packet": 17
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver TCP stream": 33
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient TCP stream": 19
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toserver UDP packet": 27
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "toclient UDP packet": 17
20/9/2019 -- 08:39:21 - <Perf> - Builtin MPM "other IP packet": 3
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_uri": 14
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_request_line": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_client_body": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_response_line": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_header": 10
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_header": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_header_names": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_accept": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_referer": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_content_len": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_content_type": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_content_type": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_protocol": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_start": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_method": 5
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_cookie": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_cookie": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver http_host": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver dns_query": 4
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver tls_sni": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toserver file_data": 1
20/9/2019 -- 08:39:21 - <Perf> - AppLayer MPM "toclient file_data": 7
20/9/2019 -- 08:39:24 - <Perf> - Registered 39590 rule profiling counters.
20/9/2019 -- 08:39:24 - <Info> - fast output device (regular) initialized: alert
20/9/2019 -- 08:39:24 - <Info> - eve-log output device (regular) initialized: eve.json
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'alert'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'http'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'dns'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'tls'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'files'
20/9/2019 -- 08:39:24 - <Config> - enabling 'eve-log' module 'ssh'
20/9/2019 -- 08:39:24 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
20/9/2019 -- 08:39:24 - <Info> - stats output device (regular) initialized: stats.log
20/9/2019 -- 08:39:24 - <Config> - AutoFP mode using "Hash" flow load balancer
20/9/2019 -- 08:39:24 - <Info> - reading pcap file /var/pcap/09202019.0838-network.pcap
20/9/2019 -- 08:39:24 - <Config> - using 1 flow manager threads
20/9/2019 -- 08:39:24 - <Config

This file has been truncated.


stats.log - (3080 bytes)
------------------------------------------------------------------------------------
Date: 9/20/2019 -- 08:39:24 (uptime: 0d, 00h 00m 00s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1390
decoder.bytes                              | Total                     | 1163279
decoder.ipv4                               | Total                     | 1203
decoder.ipv6                               | Total                     | 106
decoder.ethernet                           | Total                     | 1390
decoder.tcp                                | Total                     | 1003
decoder.udp                                | Total                     | 276
decoder.icmpv6                             | Total                     | 30
decoder.avg_pkt_size                       | Total                     | 836
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 43
flow.udp                                   | Total                     | 95
flow.icmpv6                                | Total                     | 26
tcp.sessions                               | Total                     | 43
tcp.syn                                    | Total                     | 43
tcp.synack                                 | Total                     | 43
tcp.rst                                    | Total                     | 30
tcp.overlap                                | Total                     | 6
detect.alert                               | Total                     | 8
detect.mpm_list                            | Total                     | 7
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 8
app_layer.flow.http                        | Total                     | 34
app_layer.tx.http                          | Total                     | 38
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 18
app_layer.tx.dns_udp                       | Total                     | 18
app_layer.flow.failed_udp                  | Total                     | 77
flow_mgr.new_pruned                        | Total                     | 2
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078912


suricata-4.0.0-etpro-all-alert-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt - (1673 bytes)
09/20/2019-00:03:29.141140  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:29.141140  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:29.141140  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:03:30.769480  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 134.0.10.197:80 -> 192.168.240.30:49294
09/20/2019-00:05:26.113323  [**] [1:2404308:4989] ET CNC Feodo Tracker Reported CnC Server group 9 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.30:49316 -> 190.13.146.47:443
09/20/2019-00:05:52.575503  [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.30:49316 -> 190.13.146.47:443
09/20/2019-00:06:28.628327  [**] [1:2404311:4989] ET CNC Feodo Tracker Reported CnC Server group 12 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.30:49320 -> 203.150.19.63:443
09/20/2019-00:06:36.689263  [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.240.30:49320 -> 203.150.19.63:443


eve.json - (72153 bytes)
{"timestamp":"2019-09-20T00:03:26.098638+0000","flow_id":1486888004125006,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.240.30","src_port":49956,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":60398,"rrname":"www.brooklynlilly.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.124608+0000","flow_id":1486888004125006,"pcap_cnt":8,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49956,"proto":"UDP","dns":{"type":"answer","id":60398,"rcode":"NOERROR","rrname":"www.brooklynlilly.com","rrtype":"A","ttl":1799,"rdata":"165.22.12.103"}}
{"timestamp":"2019-09-20T00:03:26.515411+0000","flow_id":1890995034578259,"pcap_cnt":21,"event_type":"dns","src_ip":"192.168.240.30","src_port":60625,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57409,"rrname":"blog.internationalfertilityacademy.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.539103+0000","flow_id":1890995034578259,"pcap_cnt":22,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":60625,"proto":"UDP","dns":{"type":"answer","id":57409,"rcode":"NOERROR","rrname":"blog.internationalfertilityacademy.com","rrtype":"A","ttl":3599,"rdata":"88.99.167.17"}}
{"timestamp":"2019-09-20T00:03:26.831668+0000","flow_id":1038553547949170,"pcap_cnt":31,"event_type":"http","src_ip":"192.168.240.30","src_port":49288,"dest_ip":"88.99.167.17","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"blog.internationalfertilityacademy.com","url":"\/wp-content\/plugins\/classic-editor\/jzbNbooyL\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:28.424320+0000","flow_id":1610482130647424,"pcap_cnt":32,"event_type":"dns","src_ip":"192.168.240.30","src_port":49767,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54101,"rrname":"marcofama.it","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:26.870080+0000","flow_id":1610482130647424,"pcap_cnt":33,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49767,"proto":"UDP","dns":{"type":"answer","id":54101,"rcode":"NOERROR","rrname":"marcofama.it","rrtype":"A","ttl":299,"rdata":"5.134.124.81"}}
{"timestamp":"2019-09-20T00:03:28.976033+0000","flow_id":492154251005860,"pcap_cnt":40,"event_type":"http","src_ip":"192.168.240.30","src_port":49289,"dest_ip":"5.134.124.81","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"marcofama.it","url":"\/mail-icons\/lwnei7-dxih50s9p-883209316\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:27.410393+0000","flow_id":1769778172609305,"pcap_cnt":41,"event_type":"dns","src_ip":"192.168.240.30","src_port":62699,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6861,"rrname":"www.marcofama.it","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:27.424030+0000","flow_id":1769778172609305,"pcap_cnt":42,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":62699,"proto":"UDP","dns":{"type":"answer","id":6861,"rcode":"NOERROR","rrname":"www.marcofama.it","rrtype":"CNAME","ttl":299,"rdata":"marcofama.it"}}
{"timestamp":"2019-09-20T00:03:27.424030+0000","flow_id":1769778172609305,"pcap_cnt":42,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":62699,"proto":"UDP","dns":{"type":"answer","id":6861,"rcode":"NOERROR","rrname":"marcofama.it","rrtype":"A","ttl":299,"rdata":"5.134.124.81"}}
{"timestamp":"2019-09-20T00:03:28.250345+0000","flow_id":1388690019418470,"pcap_cnt":71,"event_type":"http","src_ip":"192.168.240.30","src_port":49290,"dest_ip":"5.134.124.81","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.marcofama.it","url":"\/mail-icons\/lwnei7-dxih50s9p-883209316\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:28.261246+0000","flow_id":1432256020282494,"pcap_cnt":74,"event_type":"dns","src_ip":"192.168.240.30","src_port":57355,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":54988,"rrname":"think1.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:28.302010+0000","flow_id":1432256020282494,"pcap_cnt":75,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":57355,"proto":"UDP","dns":{"type":"answer","id":54988,"rcode":"NOERROR","rrname":"think1.com","rrtype":"A","ttl":3599,"rdata":"45.33.37.47"}}
{"timestamp":"2019-09-20T00:03:28.331103+0000","flow_id":1109882217434463,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.240.30","src_port":54235,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":5556,"rrname":"drapart.org","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:03:28.484375+0000","flow_id":1109882217434463,"pcap_cnt":95,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":54235,"proto":"UDP","dns":{"type":"answer","id":5556,"rcode":"NOERROR","rrname":"drapart.org","rrtype":"A","ttl":899,"rdata":"134.0.10.197"}}
{"timestamp":"2019-09-20T00:03:28.498321+0000","flow_id":2148798299203666,"pcap_cnt":98,"event_type":"http","src_ip":"192.168.240.30","src_port":49291,"dest_ip":"45.33.37.47","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"think1.com","url":"\/wp-content\/ktTAcbN\/","http_content_type":"text\/html"}}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016538,"rev":3,"signature":"ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-09-20T00:03:29.141140+0000","flow_id":1500687734211788,"pcap_cnt":132,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2014520,"rev":6,"signature":"ET INFO EXE - Served Attached HTTP","category":"Misc activity","severity":3}}
{"timestamp":"2019-09-20T00:03:30.769480+0000","flow_id":1500687734211788,"pcap_cnt":363,"event_type":"alert","src_ip":"134.0.10.197","src_port":80,"dest_ip":"192.168.240.30","dest_port":49294,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-09-20T00:03:31.215018+0000","flow_id":1500687734211788,"pcap_cnt":463,"event_type":"http","src_ip":"192.168.240.30","src_port":49294,"dest_ip":"134.0.10.197","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"drapart.org","url":"\/Prensa\/k0viv68-5v5-2137\/","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-09-20T00:04:06.110185+0000","flow_id":1926331880542999,"pcap_cnt":487,"event_type":"http","src_ip":"fe80:0000:0000:0000:3884:a01c:b918:bb37","src_port":49295,"dest_ip":"fe80:0000:0000:0000:201f:4af1:c8da:cb95","dest_port":2869,"proto":"TCP","tx_id":0,"http":{"hostname":"[fe80::201f:4af1:c8da:cb95]","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml"}}
{"timestamp":"2019-09-20T00:04:16.379476+0000","flow_id":1566956935234447,"pcap_cnt":511,"event_type":"http","src_ip":"192.168.240.30","src_port":49296,"dest_ip":"192.168.240.87","dest_port":2869,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.87","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml"}}
{"timestamp":"2019-09-20T00:04:22.628493+0000","flow_id":474029492698983,"pcap_cnt":532,"event_type":"fileinfo","src_ip":"192.168.240.30","src_port":49297,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:22.628722+0000","flow_id":474029492698983,"pcap_cnt":534,"event_type":"http","src_ip":"192.168.240.30","src_port":49297,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-20T00:04:22.681127+0000","flow_id":474029492698983,"pcap_cnt":536,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.30","dest_port":49297,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.599441+0000","flow_id":1566956935234447,"pcap_cnt":604,"event_type":"fileinfo","src_ip":"192.168.240.87","src_port":2869,"dest_ip":"192.168.240.30","dest_port":49296,"proto":"TCP","http":{"hostname":"192.168.240.87","url":"\/upnphost\/udhisapi.dll?content=uuid:1afae495-5c1f-43eb-b508-8395c601874e","http_user_agent":"FDSSDP","http_content_type":"text\/xml","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5677},"app_proto":"http","fileinfo":{"filename":"\/upnphost\/udhisapi.dll","gaps":false,"state":"CLOSED","stored":false,"size":5677,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.668916+0000","flow_id":1909055375943270,"pcap_cnt":613,"event_type":"fileinfo","src_ip":"192.168.240.30","src_port":49298,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:26.669464+0000","flow_id":1909055375943270,"pcap_cnt":615,"event_type":"http","src_ip":"192.168.240.30","src_port":49298,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-20T00:04:26.671372+0000","flow_id":1909055375943270,"pcap_cnt":617,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.30","dest_port":49298,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.438296+0000","flow_id":1156237804154904,"pcap_cnt":622,"event_type":"dns","src_ip":"192.168.240.30","src_port":49656,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56954,"rrname":"settings-win.data.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.450552+0000","flow_id":1156237804154904,"pcap_cnt":623,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49656,"proto":"UDP","dns":{"type":"answer","id":56954,"rcode":"NOERROR","rrname":"settings-win.data.microsoft.com","rrtype":"CNAME","ttl":342,"rdata":"settingsfd-geo.trafficmanager.net"}}
{"timestamp":"2019-09-20T00:04:39.450552+0000","flow_id":1156237804154904,"pcap_cnt":623,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":49656,"proto":"UDP","dns":{"type":"answer","id":56954,"rcode":"NOERROR","rrname":"settingsfd-geo.trafficmanager.net","rrtype":"A","ttl":29,"rdata":"51.143.106.177"}}
{"timestamp":"2019-09-20T00:04:39.500271+0000","flow_id":2090365273761495,"pcap_cnt":631,"event_type":"tls","src_ip":"192.168.240.30","src_port":49299,"dest_ip":"51.143.106.177","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft, OU=WSE, CN=settings-win.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011"}}
{"timestamp":"2019-09-20T00:04:39.426242+0000","flow_id":1589030921142530,"pcap_cnt":634,"event_type":"dns","src_ip":"192.168.240.30","src_port":55251,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18305,"rrname":"ctldl.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"ctldl.windowsupdate.com","rrtype":"CNAME","ttl":541,"rdata":"audownload.windowsupdate.nsatc.net"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"audownload.windowsupdate.nsatc.net","rrtype":"CNAME","ttl":283,"rdata":"auto.au.download.windowsupdate.com.c.footprint.net"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.195.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.189.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"8.253.112.121"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"67.24.187.254"}}
{"timestamp":"2019-09-20T00:04:39.581995+0000","flow_id":1589030921142530,"pcap_cnt":635,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.30","dest_port":55251,"proto":"UDP","dns":{"type":"answer","id":18305,"rcode":"NOERROR","rrname":"auto.au.download.windowsupdate.com.c.footprint.net","rrtype":"A","ttl":285,"rdata":"8.249.119.254"}}
{"timestamp":"2019-09-20T00:04:39.659949+0000","flow_id":1084142483114432,"pcap_c

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-09-20-T-08-39-25-09202019.0838-network.pcap.txt - (74966 bytes)
  --------------------------------------------------------------------------
  Date: 9/20/2019 -- 08:39:24. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2017552      1        6        37016602     16.31  159      0        32561542    232808.82   0.00        232808.82  
  2        2014704      1        7        12990190     5.73   25       0        12370452    519607.60   0.00        519607.60  
  3        2803027      1        6        13490292     5.95   18       0        10011798    749460.67   0.00        749460.67  
  4        2815453      1        4        3680178      1.62   3        0        1940284     1226726.00  0.00        1226726.00 
  5        2008575      1        5        4586666      2.02   291      0        863986      15761.74    0.00        15761.74   
  6        2018342      1        2        1039832      0.46   3        0        548494      346610.67   0.00        346610.67  
  7        2801929      1        7        2729008      1.20   13       0        472278      209923.69   0.00        209923.69  
  8        2001330      1        8        2468848      1.09   406      0        438926      6080.91     0.00        6080.91    
  9        2828748      1        2        1028034      0.45   120      0        428220      8566.95     0.00        8566.95    
  10       2801930      1        7        2438450      1.07   13       0        406952      187573.08   0.00        187573.08  
  11       2802987      1        5        4138982      1.82   27       0        405238      153295.63   0.00        153295.63  
  12       2820157      1        2        1413714      0.62   6        0        319332      235619.00   0.00        235619.00  
  13       2820158      1        2        1410038      0.62   6        0        315442      235006.33   0.00        235006.33  
  14       2804911      1        3        736714       0.32   5        0        304014      147342.80   0.00        147342.80  
  15       2811745      1        4        595008       0.26   3        0        302642      198336.00   0.00        198336.00  
  16       2819930      1        2        1334584      0.59   7        0        281884      190654.86   0.00        190654.86  
  17       2819664      1        2        1404930      0.62   7        0        269538      200704.29   0.00        200704.29  
  18       2804927      1        2        864538       0.38   5        0        254840      172907.60   0.00        172907.60  
  19       2021749      1        6        444254       0.20   2        0        248832      222127.00   0.00        222127.00  
  20       2016855      1        2        246250       0.11   1        0        246250      246250.00   0.00        246250.00  
  21       2020865      1        3        232108       0.10   1        0        232108      232108.00   0.00        232108.00  
  22       2814978      1        2        423310       0.19   10       0        217180      42331.00    0.00        42331.00   
  23       2804907      1        3        670512       0.30   7        0        215328      95787.43    0.00        95787.43   
  24       2822213      1        2        397706       0.18   10       0        207992      39770.60    0.00        39770.60   
  25       2021529      1        3        315836       0.14   2        0        206612      157918.00   0.00        157918.00  
  26       2016854      1        3        204504       0.09   1        0        204504      204504.00   0.00        204504.00  
  27       2814979      1        2        371730       0.16   10       0        193466      37173.00    0.00        37173.00   
  28       2804906      1        3        359048       0.16   4        0        191230      89762.00    0.00        89762.00   
  29       2803657      1        5        505672       0.22   4        0        183704      126418.00   0.00        126418.00  
  30       2023679      1        3        289064       0.13   5        0        179296      57812.80    0.00        57812.80   
  31       2020569      1        1        446938       0.20   4        0        176614      111734.50   0.00        111734.50  
  32       2807400      1        3        421154       0.19   4        0        161634      105288.50   0.00        105288.50  
  33       2802991      1        5        639330       0.28   6        0        156220      106555.00   0.00        106555.00  
  34       2816909      1        2        505532       0.22   4        0        155094      126383.00   0.00        126383.00  
  35       2827094      1        2        253088       0.11   2        0        154370      126544.00   0.00        126544.00  
  36       2018005      1        6        308990       0.14   10       0        149238      30899.00    0.00        30899.00   
  37       2808234      1        1        386544       0.17   4        0        145950      96636.00    0.00        96636.00   
  38       2805985      1        2        413498       0.18   4        0        145828      103374.50   0.00        103374.50  
  39       2018982      1        2        416600       0.18   4        0        145460      104150.00   0.00        104150.00  
  40       2022050      1        3        398278       0.18   4        0        145266      99569.50    0.00        99569.50   
  41       2821082      1        2        231186       0.10   2        0        142458      115593.00   0.00        115593.00  
  42       2816165      1        5        1911744      0.84   38       0        138616      50309.05    0.00        50309.05   
  43       2012970      1        2        137348       0.06   1        0        137348      137348.00   0.00        137348.00  
  44       2019230      1        2        584520       0.26   30       0        134514      19484.00    0.00        19484.00   
  45       2816356      1        2        745254       0.33   12       0        133634      62104.50    0.00        62104.50   
  46       2011894      1        19       324642       0.14   4        0        131804      81160.50    0.00        81160.50   
  47       2816910      1        2        442150       0.19   4        0        131424      110537.50   0.00        110537.50  
  48       2023711      1        2        147842       0.07   5        0        127794      29568.40    0.00        29568.40   
  49       2023083      1        2        344128       0.15   5        0        126382      68825.60    0.00        68825.60   
  50       2102523      1        8        419534       0.18   60       0        125596      6992.23     0.00        6992.23    
  51       2809850      1        2        263962       0.12   4        0        122232      65990.50    0.00        65990.50   
  52       2820600      1        2        222034       0.10   2        0        121904      111017.00   0.00        111017.00  
  53       2016333      1        4        290584       0.13   3        0        120316      96861.33    0.00        96861.33   
  54       2816895      1        2        371736       0.16   7        0        119874      53105.14    0.00        53105.14   
  55       2802880      1        3        409536       0.18   5        0        119636      81907.20    0.00        81907.20   
  56       2820851      1        5        290410       0.13   4        0        117250      72602.50    0.00        72602.50   
  57       2816922      1        5        275526       0.12   4        0        116564      68881.50    0.00        68881.50   
  58       2016537      1        2        3499878      1.54   126      5        115448      27776.81    107092.40   24499.31   
  59       2023818      1        2        196526       0.09   2        2        114864      98263.00    98263.00    0.00       
  60       2015744      1        4        117942       0.05   2        1        113314      58971.00    113314.00   4628.00    
  61       2018241      1        2        145498       0.06   5        0        111546      29099.60    0.00        29099.60   
  62       2018375      1        3        431664       0.19   15       0        110978      28777.60    0.00        28777.60   
  63       2025142      1        2        958300       0.42   12       0        110928      79858.33    0.00        79858.33   
  64       2826727      1        2        302856       0.13   3        0        110428      100952.00   0.00        100952.00  
  65       2826256      1        2        1583872      0.70   38       0        110398      41680.84    0.00        41680.84   
  66       2830035      1        2        351502       0.15   5        0        110014      70300.40    0.00        70300.40   
  67       2809267      1        8        302828       0.13   5        0        109796      60565.60    0.00        60565.60   
  68       2811447      1        2        1613768      0.71   55       0        108888      29341.24    0.00        29341.24   
  69       2821561      1        2        1098786      0.48   21       0        107814      52323.14    0.00        52323.14   
  70       2816526      1        13       280354       0.12   4        0        106418      70088.50    0.00        70088.50   
  71       2815254      1        7        609280       0.27   8        0        106036      76160.00    0.00        76160.00   
  72       2024138      1        2        105510       0.05   1        0        105510      105510.00   0.00        105510.00  
  73       2821615      1        2        1370588      0.60   26       0        105278      52714.92    0.00        52714.92   
  74       2009909      1        10       331210       0.15   4        0        103710      82802.50    0.00        82802.50   
  75       2003068      1        7        199190       0.09   17       0        103056      11717.06    0.00        11717.06   
  76       2021067      1        2        868118       0.38   16       0        102516      54257.38    0.00        54257.38   
  77       2816940      1        2        371988       0.16   4        0        102024      92997.00    0.00        92997.00   
  78       2017166      1        4        230324       0.10   3        0        101660      76774.67    0.00        76774.67   
  79       2830124      1        1        423956       0.19   5        0        100110      84791.20    0.00        84791.20   
  80       2009028      1        11       119904       0.05   5        0        99668       23980.80    0.00        23980.80   
  81       2014701      1        12       869476       0.38   36       0        98288       24152.11    0.00        24152.11   
  82       2816669      1        4        1012448      0.45   21       0        98112       48211.81    0.00        48211.81   
  83       2022053      1        2        191438       0.08   5        0        97256       38287.60    0.00        38287.60   
  84       2013441      1        9        327926       0.14   4        0        96816       81981.50    0.00        81981.50   
  85       2815659      1        3        185180       0.08   2        2        96378       92590.00    92590.00    0.00       
  86       2816327      1        4        264002       0.12   4        0        94972       66000.50    0.00        66000.50   
  87       2017613      1        9        285370       0.13   4        0        94464       71342.50    0.00        71342.50   
  88       2823144      1        2        92784        0.04   1        0        92784       92784.00    0.00        92784.00   
  89       2828986      1        2        369004       0.16   16       0        91580       23062.75    0.00        23062.75   
  90       2018959      1        3        114896       0.05   5        1        91346       22979.20    91346.00    5887.50    
  91       2815817      1        5        257030       0.11   4        0        91308       64257.50    0.00        64257.50   
  92       2013352      1        4        112356       0.05   5        0        90672       22471.20    0.00        22471.20   
  93       2811399      1        2        272732       0.12   7        0        90020       38961.71    0.00        38961.71   
  94       2022207      1        4        268782       0.12   4        0        89852       67195.50    0.00        67195.50   
  95       2014353      1        6        109444       0.05   5        0        89402       21888.80    0.00        21888.80   
  96       2815481      1        6        708954       0.31   12       0        89324       59079.50    0.00        59079.50   
  97       2828122      1        2        286042       0.13   4        0        89132       71510.50    0.00        71510.50   
  98       2803348      1        4        88940        0.04   1        0        88940       88940.00    0.00        88940.00   
  99       2018358      1        7        292010       0.13   4        0        88630       73002.50    0.00        73002.50   
  100      2823159      1        2        88094        0.04   1        0        88094       88094.00    0.00        88094.00   
  101      2021070      1        2        87918        0.04   1        0        87918       87918.00    0.00        87918.00   
  102      2821014      1        13       87526        0.04   1        0        87526       87526.00    0.00        87526.00   
  103      2816929      1        4        297194       0.13   4        0        87474       74298.50    0.00        74298.50   
  104      2025064      1        5        293430       0.13   4        0        87222       73357.50    0.00        73357.50   
  105      2018452      1        15       275354       0.12   4        0        86874       68838.50    0.00        68838.50   
  106      2018457      1        1        165202       0.07   4        0        86858       41300.50    0.00        41300.50   
  107      2815664      1        3        167448       0.07   2        0        86806       83724.00    0.00        83724.00   
  108      2826281      1        2        545970       0.24   18       0        86592       30331.67    0.00        30331.67   
  109      2819680      1        2        168394       0.07   2        0        86506       84197.00    0.00        84197.00   
  110      2009897      1        14       281534       0.12   4        0        84782       70383.50    0.00        70383.50   
  111      2024133      1        2        84102        0.04   1        0        84102       84102.00    0.00        84102.00   
  112      2021038      1        4        240326       0.11   4        0        83590       60081.50    0.00        60081.50   
  113      2804508      1        2        81958        0.04   1        0        81958       81958.00    0.00        81958.00   
  114      2815754      1        2        723560       0.32   12       0        81658       60296.67    0.00        60296.67   
  115      2018789      1        3        433024       0.19   10       0        80790       43302.40    0.00        43302.40   
  116      2802876      1        3        256764       0.11   4        0        80144       64191.00    0.00        64191.00   
  117      2802881      1        3        159360       0.07   2        0        80042       79680.00    0.00        79680.00   
  118      2816928      1        3        247718       0.11   4        0        79676       61929.50    0.00        61929.50   
  119      2024767      1        2        235902       0.10   4        0        79214       58975.50    0.00        58975.50   
  120      2828060      1        4        311686       0.14   6        0        78246       51947.67    0.00        51947.67   
  121      2830036      1        1        975008       0.43   29       0        77410       33620.97    0.00        33620.97   
  122      2019881      1        3        229066       0.10   4        0        77096       57266.50    0.00        57266.50   
  123      2023875      1        2        267544       0.12   4        0        76308       66886.00    0.00        66886.00   
  124      2816525      1        10       247224       0.11   4        0        76176       61806.00    0.00        61806.00   
  125      2819857      1        1        2

This file has been truncated.


keyword_perf.log - (16020 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/20/2019 -- 08:39:24
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             10512098        1783            1783            35380           5895.00         5895.00         0.00           
  threshold        35112           2               2               25496           17556.00        17556.00        0.00           
  content          65191336        2785            1230            32523010        23408.00        12133.00        32325.00       
  pcre             3324300         407             34              78294           8167.00         13528.00        7679.00        
  byte_test        2275998         411             135             121498          5537.00         5840.00         5389.00        
  byte_jump        156436          29              14              15652           5394.00         5892.00         4929.00        
  isdataat         90826           18              0               6616            5045.00         0.00            5045.00        
  flowbits         2419052         434             55              135474          5573.00         5681.00         5558.00        
  urilen           1063648         181             70              30310           5876.00         6085.00         5744.00        
  byte_extract     44292           4               4               30120           11073.00        11073.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             10512098        1783            1783            35380           5895.00         5895.00         0.00           
  flowbits         2309248         420             41              135474          5498.00         4942.00         5558.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16348584        997             375             218220          16397.00        21308.00        13437.00       
  pcre             422572          41              4               78294           10306.00        27532.00        8444.00        
  byte_test        2275998         411             135             121498          5537.00         5840.00         5389.00        
  byte_jump        113486          21              6               15652           5404.00         6590.00         4929.00        
  isdataat         90826           18              0               6616            5045.00         0.00            5045.00        
  byte_extract     44292           4               4               30120           11073.00        11073.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         109804          14              14              12652           7843.00         7843.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        35112           2               2               25496           17556.00        17556.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33946638        228             67              32523010        148888.00       6182.00         208275.00      
  pcre             623782          52              2               61048           11995.00        10676.00        12048.00       
  urilen           1063648         181             70              30310           5876.00         6085.00         5744.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          963506          128             24              39832           7527.00         11510.00        6608.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          143146          28              0               6238            5112.00         0.00            5112.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6235086         202             58              286626          30866.00        29205.00        31535.00       
  pcre             1288738         227             0               68312           5677.00         0.00            5677.00        
  byte_jump        42950           8               8               7122            5368.00         5368.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5316354         835             516             31410           6366.00         6494.00         6160.00        
  pcre             890102          78              20              39676           11411.00        12649.00        10984.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          981642          166             74              26518           5913.00         6036.00         5814.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          76396           12              0               20154           6366.00         0.00            6366.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          101380          14              14              28008           7241.00         7241.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7396            1               0               7396            7396.00         0.00            7396.00        
  pcre             23612           1               0               23612           23612.00        0.00            23612.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          202348          34              23              11726           5951.00         5570.00         6748.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          769772          124             72              23280           6207.00         6751.00         5455.00        
  pcre             75494           8               8               19536           9436.00         9436.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5190            1               0               5190            5190.00         0.00            5190.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          67880           13              7               6508            5221.00         5140.00         5316.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26018           2               0               20914           13009.00        0.00            13009.00       


IDSDeathBlossom.py.log - (1147 bytes)
2019-09-20 08:39:00,146 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-20 08:39:00,993 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-20 08:39:00,993 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-20 08:39:00,993 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-20 08:39:00,993 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-20 08:39:00,994 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc3a62becde112f824b78127ad5e6b3b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09202019.0838-network.pcap -vvv -k none
2019-09-20 08:39:25,013 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-20 08:39:25,013 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.8765320778