Filename: 44c1463c-cda3-4a46-a14a-2cbcc42c12cc.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.17855882645 seconds
Hash: dd4517551ee46094d4d7c344878a5e76
Uploaded: 1553616003

Logfiles


packet_stats.log - (19066 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       2             6        279664861      281279164     280462856          1.7b    0.21
 IPv4       6          3559          4820777      317091397     222642400        792.4b   96.70
 IPv4      17            71          5567558      312660159     216331775         15.4b    1.87
 IPv6      17            30          5399233      289016714     212180626          6.4b    0.78
 IPv6      58            13        279734524      281358210     280455502          3.6b    0.44
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       2             6            72888         104339         85037        510.2k    0.10
TMM_FLOWWORKER              IPv4       6          3559            68989       14523585        124515        443.2m   82.85
TMM_FLOWWORKER              IPv4      17            71           114153        7044499        269108         19.1m    3.57
TMM_RECEIVEPCAPFILE         IPv4       2             6             2558           2706          2594         15.6k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          3558             2554         144341          3053         10.9m    2.03
TMM_RECEIVEPCAPFILE         IPv4      17            71             2565           3496          2747        195.1k    0.04
TMM_DECODEPCAPFILE          IPv4       2             6             2686           4466          3066         18.4k    0.00
TMM_DECODEPCAPFILE          IPv4       6          3558             2656       21052882         15459         55.0m   10.28
TMM_DECODEPCAPFILE          IPv4      17            71             2726           4165          2886        204.9k    0.04
TMM_FLOWWORKER              IPv6      17            30           103597         379855        149367          4.5m    0.84
TMM_FLOWWORKER              IPv6      58            13            67192          92947         76904        999.8k    0.19
TMM_RECEIVEPCAPFILE         IPv6      17            30             2561          11300          3034         91.0k    0.02
TMM_RECEIVEPCAPFILE         IPv6      58            13             2577           2829          2678         34.8k    0.01
TMM_DECODEPCAPFILE          IPv6      17            30             2748          42533          4300        129.0k    0.02
TMM_DECODEPCAPFILE          IPv6      58            13             2840          11129          3653         47.5k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3558             2702          65094          3245         11.5m  3.02  
flow                    IPv4      17            71             2838          28697          3934        279.3k  0.07  
stream                  IPv4       6          3559             2825        7444109          7941         28.3m  7.39  
app-layer               IPv4      17            71             2536          32559          5316        377.4k  0.10  
detect                  IPv4       2             6            67297          98835         77287        463.7k  0.12  
detect                  IPv4       6          3559            45720       14488101         88739        315.8m  82.60 
detect                  IPv4      17            71            97810         351917        145151         10.3m  2.70  
tcp-prune               IPv4       6          3559             2548          44016          2886         10.3m  2.69  
flow                    IPv6      17            30             2826          15027          4147        124.4k  0.03  
flow                    IPv6      58            13             2849           5946          3466         45.1k  0.01  
app-layer               IPv6      17            30             2542          26685          5841        175.2k  0.05  
detect                  IPv6      17            30            87158         315965        128063          3.8m  1.00  
detect                  IPv6      58            13            56004          80444         65189        847.5k  0.22  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             5293          43690         24491         49.0k  28.02 
tls                     IPv4       6             2             2726           6257          4491          9.0k  5.14  
tls                     IPv4      17             5             2726           4472          3075         15.4k  8.80  
dns                     IPv4      17            11             3660          19154          6826         75.1k  42.96 
tls                     IPv6      17             5             2726           4472          3075         15.4k  8.80  
dns                     IPv6      17             3             3660           3660          3660         11.0k  6.28  
Proto detect            IPv4      17            19             2737           8318          4126         78.4k
Proto detect            IPv6      17            11             2816          19471          5342         58.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             8            36574        6632347        907634          7.3m  93.65 
LOGGER_JSON_HTTP            IPv4       6             2            40048         162525        101286        202.6k  2.61  
LOGGER_JSON_TLS             IPv4       6             1            46180          46180         46180         46.2k  0.60  
LOGGER_JSON_FILE            IPv4       6             3            44686         104509         81251        243.8k  3.14  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            95             2598          83942         17361         1.6m  12.65 
payload                           IPv4      17            71             3019          39205          6519       462.9k  3.55  
stream                            IPv4       6            95             2549         265586         25534         2.4m  18.61 
http_uri                          IPv4       6             2             5541          21314         13427        26.9k  0.21  
http_request_line                 IPv4       6             2             5269           7222          6245        12.5k  0.10  
http_client_body                  IPv4       6             3             3363          10034          5763        17.3k  0.13  
http_header (request)             IPv4       6             2            54619          57640         56129       112.3k  0.86  
http_header (request trailer)     IPv4       6             2             2643           2657          2650         5.3k  0.04  
http_header_names (request)       IPv4       6             2            21408          21497         21452        42.9k  0.33  
http_accept (request)             IPv4       6             2             6500           8108          7304        14.6k  0.11  
http_referer (request)            IPv4       6             2             3308           4032          3670         7.3k  0.06  
http_content_len (request)        IPv4       6             2             4721           5091          4906         9.8k  0.08  
http_content_type (request)       IPv4       6             2             4676          27365         16020        32.0k  0.25  
http_start (request)              IPv4       6             2             8096          14029         11062        22.1k  0.17  
http_raw_header (request)         IPv4       6             3             7533          10707          8730        26.2k  0.20  
http_method                       IPv4       6             2             5214           7027          6120        12.2k  0.09  
http_cookie (request)             IPv4       6             2             3596           3987          3791         7.6k  0.06  
http_raw_uri                      IPv4       6             2             3037           6145          4591         9.2k  0.07  
http_user_agent                   IPv4       6             2            18183          19083         18633        37.3k  0.29  
http_host                         IPv4       6             2             7714           9307          8510        17.0k  0.13  
dns_query                         IPv4      17             4             7007          12742          9707        38.8k  0.30  
tls_sni                           IPv4       6             1             7815           7815          7815         7.8k  0.06  
http_response_line                IPv4       6             2             9326          10677         10001        20.0k  0.15  
http_header (response)            IPv4       6             2            26136          38631         32383        64.8k  0.50  
http_header (response trailer)    IPv4       6             2             2682           3258          2970         5.9k  0.05  
http_content_type (response)      IPv4       6             2             3165           5826          4495         9.0k  0.07  
http_raw_header (response)        IPv4       6            76             8152          37216         10270       780.6k  5.99  
http_cookie (response)            IPv4       6             2             2873          12484          7678        15.4k  0.12  
http_stat_code                    IPv4       6             2             4231           4323          4277         8.6k  0.07  
tls_cert_issuer                   IPv4       6             1             7230           7230          7230         7.2k  0.06  
tls_cert_subject                  IPv4       6             1             5249           5249          5249         5.2k  0.04  
tls_cert_serial                   IPv4       6             1             5296           5296          5296         5.3k  0.04  
file_data (http response)         IPv4       6            76             2577         987504         90022         6.8m  52.48 
Total                             IPv4                   469                                         27208        12.8m
payload                           IPv6      17            30             3008          36084          7796       233.9k  1.79  
payload                           IPv6      58            13             2728           5710          3251        42.3k  0.32  
Total                             IPv6                    43                                          6422       276.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       2             6            19043          50356         26721        160.3k  0.06  
PROF_DETECT_IPONLY          IPv4       6             6             7885          30360         19203        115.2k  0.05  
PROF_DETECT_IPONLY          IPv4      17            19            19053          46919         27756        527.4k  0.21  
PROF_DETECT_RULES           IPv4       2             6             2552           2600          2572         15.4k  0.01  
PROF_DETECT_RULES           IPv4       6          3559             2532        1281017          6723         23.9m  9.42  
PROF_DETECT_RULES           IPv4      17            71            39223         204862         67766          4.8m  1.89  
PROF_DETECT_STATEFUL_START    IPv4       6            74             5122        1005114         92797          6.9m  2.70  
PROF_DETECT_STATEFUL_CONT    IPv4       2             6             2580           2813          2712         16.3k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       6          3559             2560       14419830         10163         36.2m  14.24 
PROF_DETECT_STATEFUL_CONT    IPv4      17            71             2553          26638          3369        239.2k  0.09  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          3547             2553        7061346          4748         16.8m  6.63  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             8             2676           3582          2983         23.9k  0.01  
PROF_DETECT_PREFILTER       IPv4       2             6             7957           8325          8130         48.8k  0.02  
PROF_DETECT_PREFILTER       IPv4       6          3559             7898        5702858         20551         73.1m  28.80 
PROF_DETECT_PREFILTER       IPv4      17            71            23722          78079         30102          2.1m  0.84  
PROF_DETECT_PF_PAYLOAD      IPv4       6            95            13394         295654         50959          4.8m  1.91  
PROF_DETECT_PF_PAYLOAD      IPv4      17            71             8073          44750         11919        846.3k  0.33  
PROF_DETECT_PF_TX           IPv4       6          3547             2584        1033425          5963         21.2m  8.33  
PROF_DETECT_PF_TX           IPv4      17             4            12664          18533         15539         62.2k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6            51             2573          18397          3570        182.1k  0.07  
PROF_DETECT_PF_SORT1        IPv4      17            71             2612           5140          3022        214.6k  0.08  
PROF_DETECT_PF_SORT2        IPv4       2             6             2553           2809          2636         15.8k  0.01  
PROF_DETECT_PF_SORT2        IPv4       6          3559             2519          51431          2694          9.6m  3.78  
PROF_DETECT_PF_SORT2        IPv4      17            71             2556           4236          2723        193.3k  0.08  
PROF_DETECT_NONMPMLIST      IPv4       2             6             2599           2817          2759         16.6k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       6          3559             2531         439298          3078         11.0m  4.31  
PROF_DETECT_NONMPMLIST      IPv4      17            71             2530          15808          3025        214.8k  0.08  
PROF_DETECT_ALERT           IPv4       2             6             2544           2595          2561         15.4k  0.01  
PROF_DETECT_ALERT           IPv4       6          3559             2525        5456156          4310         15.3m  6.04  
PROF_DETECT_ALERT           IPv4      17            71             2529           4137          2646        187.9k  0.07  
PROF_DETECT_CLEANUP         IPv4       2             6             2536           2609          2566         15.4k  0.01  
PROF_DETECT_CLEANUP         IPv4       6          3559             2561          27186          2752          9.8m  3.86  
PROF_DETECT_CLEANUP         IPv4      17            71             2527          27243          3272        232.4k  0.09  
PROF_DETECT_GETSGH          IPv4       2             6             2766           2807          2783         16.7k  0.01  
PROF_DETECT_GETSGH          IPv4       6          3559             2524          44900          2909         10.4m  4.08  
PROF_DETECT_GETSGH        

This file has been truncated.


stats.log - (3373 bytes)
------------------------------------------------------------------------------------
Date: 3/26/2019 -- 16:00:13 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3902
decoder.bytes                              | Total                     | 3820153
decoder.ipv4                               | Total                     | 3635
decoder.ipv6                               | Total                     | 43
decoder.ethernet                           | Total                     | 3902
decoder.tcp                                | Total                     | 3558
decoder.udp                                | Total                     | 101
decoder.icmpv6                             | Total                     | 13
decoder.avg_pkt_size                       | Total                     | 979
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 26
flow.icmpv6                                | Total                     | 4
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 2
app_layer.flow.tls                         | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 4
app_layer.tx.dns_udp                       | Total                     | 4
app_layer.flow.failed_udp                  | Total                     | 22
flow_mgr.closed_pruned                     | Total                     | 2
flow_mgr.new_pruned                        | Total                     | 26
flow_mgr.est_pruned                        | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 33
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 30
flow_mgr.flows_timeout_inuse               | Total                     | 1
flow_mgr.flows_removed                     | Total                     | 29
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65503
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7083808


eve.json - (7097 bytes)
{"timestamp":"2019-03-22T11:04:40.911055+0000","flow_id":1389790235256527,"pcap_cnt":26,"event_type":"dns","src_ip":"192.168.100.124","src_port":53607,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64718,"rrname":"www.triosalud.cl","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-22T11:04:40.911330+0000","flow_id":1389790235256527,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":53607,"proto":"UDP","dns":{"type":"answer","id":64718,"rcode":"NOERROR","rrname":"www.triosalud.cl","rrtype":"CNAME","ttl":4068,"rdata":"triosalud.cl"}}
{"timestamp":"2019-03-22T11:04:40.911330+0000","flow_id":1389790235256527,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":53607,"proto":"UDP","dns":{"type":"answer","id":64718,"rcode":"NOERROR","rrname":"triosalud.cl","rrtype":"A","ttl":4068,"rdata":"190.107.177.246"}}
{"timestamp":"2019-03-22T11:04:40.975561+0000","flow_id":223569175385473,"pcap_cnt":35,"event_type":"tls","src_ip":"192.168.100.124","src_port":49207,"dest_ip":"190.107.177.246","dest_port":443,"proto":"TCP","tls":{"subject":"CN=190.107.177.246","issuerdn":"C=AU, ST=Some-State, L=City, O=Some Company"}}
{"timestamp":"2019-03-22T11:06:12.998386+0000","flow_id":1555631813442546,"pcap_cnt":3578,"event_type":"dns","src_ip":"192.168.100.124","src_port":58515,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22881,"rrname":"teredo.ipv6.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-22T11:06:12.998589+0000","flow_id":1555631813442546,"pcap_cnt":3579,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":58515,"proto":"UDP","dns":{"type":"answer","id":22881,"rcode":"NXDOMAIN","rrname":"teredo.ipv6.microsoft.com"}}
{"timestamp":"2019-03-22T11:07:21.656862+0000","flow_id":429040421373406,"pcap_cnt":3646,"event_type":"dns","src_ip":"192.168.100.124","src_port":56460,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":9429,"rrname":"www.bing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-22T11:07:21.670247+0000","flow_id":429040421373406,"pcap_cnt":3647,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":56460,"proto":"UDP","dns":{"type":"answer","id":9429,"rcode":"NOERROR","rrname":"www.bing.com","rrtype":"CNAME","ttl":24,"rdata":"a-0001.a-afdentry.net.trafficmanager.net"}}
{"timestamp":"2019-03-22T11:07:21.670247+0000","flow_id":429040421373406,"pcap_cnt":3647,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":56460,"proto":"UDP","dns":{"type":"answer","id":9429,"rcode":"NOERROR","rrname":"a-0001.a-afdentry.net.trafficmanager.net","rrtype":"CNAME","ttl":29,"rdata":"dual-a-0001.a-msedge.net"}}
{"timestamp":"2019-03-22T11:07:21.670247+0000","flow_id":429040421373406,"pcap_cnt":3647,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":56460,"proto":"UDP","dns":{"type":"answer","id":9429,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":5,"rdata":"204.79.197.200"}}
{"timestamp":"2019-03-22T11:07:21.670247+0000","flow_id":429040421373406,"pcap_cnt":3647,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":56460,"proto":"UDP","dns":{"type":"answer","id":9429,"rcode":"NOERROR","rrname":"dual-a-0001.a-msedge.net","rrtype":"A","ttl":5,"rdata":"13.107.21.200"}}
{"timestamp":"2019-03-22T11:07:22.174783+0000","flow_id":604481245505472,"pcap_cnt":3773,"event_type":"http","src_ip":"192.168.100.124","src_port":49157,"dest_ip":"204.79.197.200","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.bing.com","url":"\/","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html"}}
{"timestamp":"2019-03-22T11:07:22.340314+0000","flow_id":1642278488256858,"pcap_cnt":3775,"event_type":"dns","src_ip":"192.168.100.124","src_port":58659,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":45937,"rrname":"www.triosalud.cl","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-22T11:07:22.340466+0000","flow_id":1642278488256858,"pcap_cnt":3776,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":58659,"proto":"UDP","dns":{"type":"answer","id":45937,"rcode":"NOERROR","rrname":"www.triosalud.cl","rrtype":"CNAME","ttl":3906,"rdata":"triosalud.cl"}}
{"timestamp":"2019-03-22T11:07:22.340466+0000","flow_id":1642278488256858,"pcap_cnt":3776,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.124","dest_port":58659,"proto":"UDP","dns":{"type":"answer","id":45937,"rcode":"NOERROR","rrname":"triosalud.cl","rrtype":"A","ttl":3906,"rdata":"190.107.177.246"}}
{"timestamp":"2019-03-22T11:07:22.364552+0000","flow_id":604481245505472,"pcap_cnt":3778,"event_type":"fileinfo","src_ip":"204.79.197.200","src_port":80,"dest_ip":"192.168.100.124","dest_port":49157,"proto":"TCP","http":{"hostname":"www.bing.com","url":"\/","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":90995},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":90995,"tx_id":0}}
{"timestamp":"2019-03-22T11:07:24.994157+0000","flow_id":1735792811193209,"pcap_cnt":3790,"event_type":"fileinfo","src_ip":"192.168.100.124","src_port":49158,"dest_ip":"190.107.177.246","dest_port":80,"proto":"TCP","http":{"hostname":"www.triosalud.cl","url":"\/wp\/wp-content\/uploads\/2019\/03\/up.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":5},"app_proto":"http","fileinfo":{"filename":"\/wp\/wp-content\/uploads\/2019\/03\/up.php","gaps":false,"state":"CLOSED","stored":false,"size":26,"tx_id":0}}
{"timestamp":"2019-03-22T11:07:25.018570+0000","flow_id":1735792811193209,"pcap_cnt":3792,"event_type":"http","src_ip":"192.168.100.124","src_port":49158,"dest_ip":"190.107.177.246","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.triosalud.cl","url":"\/wp\/wp-content\/uploads\/2019\/03\/up.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html"}}
{"timestamp":"2019-03-22T11:07:25.018570+0000","flow_id":1735792811193209,"pcap_cnt":3792,"event_type":"fileinfo","src_ip":"190.107.177.246","src_port":80,"dest_ip":"192.168.100.124","dest_port":49158,"proto":"TCP","http":{"hostname":"www.triosalud.cl","url":"\/wp\/wp-content\/uploads\/2019\/03\/up.php","http_user_agent":"Mozilla\/3.0 (compatible; Indy Library)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.0","status":200,"length":5},"app_proto":"http","fileinfo":{"filename":"\/wp\/wp-content\/uploads\/2019\/03\/up.php","gaps":false,"state":"CLOSED","stored":false,"size":5,"tx_id":0}}


keyword_perf.log - (10612 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/26/2019 -- 16:00:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             647922          209             209             28779           3100.00         3100.00         0.00           
  content          3367357         418             207             208776          8055.00         10143.00        6007.00        
  pcre             1212824         335             8               103354          3620.00         4575.00         3597.00        
  byte_test        110816          35              16              6248            3166.00         3481.00         2900.00        
  isdataat         17095           6               0               3028            2849.00         0.00            2849.00        
  urilen           29659           9               2               3592            3295.00         3390.00         3268.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             647922          209             209             28779           3100.00         3100.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          728366          171             71              38838           4259.00         4550.00         4052.00        
  pcre             90449           13              4               29078           6957.00         4374.00         8105.00        
  byte_test        110816          35              16              6248            3166.00         3481.00         2900.00        
  isdataat         17095           6               0               3028            2849.00         0.00            2849.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          99719           26              13              5091            3835.00         4124.00         3546.00        
  pcre             27621           6               4               5496            4603.00         4777.00         4256.00        
  urilen           29659           9               2               3592            3295.00         3390.00         3268.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22189           6               0               4297            3698.00         0.00            3698.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6136            2               0               3073            3068.00         0.00            3068.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2249432         151             81              208776          14896.00        18963.00        10190.00       
  pcre             1089490         315             0               103354          3458.00         0.00            3458.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          137570          32              24              5993            4299.00         4504.00         3681.00        
  pcre             5264            1               0               5264            5264.00         0.00            5264.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33957           8               3               4870            4244.00         4098.00         4332.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3721            1               1               3721            3721.00         3721.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          65015           15              11              16487           4334.00         4597.00         3612.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18010           5               2               4557            3602.00         4513.00         2994.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3242            1               1               3242            3242.00         3242.00         0.00           


suricata-4.0.0-etopen-all-perf.txt-2019-03-26-T-16-00-13-03222019.1507-44c1463c-cda3-4a46-a14a-2cbcc42c12cc.pcap.txt - (18646 bytes) - download
  --------------------------------------------------------------------------
  Date: 3/26/2019 -- 16:00:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020865      1        3        1635216      10.65  5        0        453397      327043.20   0.00        327043.20  
  2        2025185      1        3        3351141      21.82  25       0        260386      134045.64   0.00        134045.64  
  3        2015556      1        21       388261       2.53   4        0        181073      97065.25    0.00        97065.25   
  4        2012970      1        2        365687       2.38   4        0        178676      91421.75    0.00        91421.75   
  5        2022524      1        4        163206       1.06   1        0        163206      163206.00   0.00        163206.00  
  6        2021946      1        2        113512       0.74   1        0        113512      113512.00   0.00        113512.00  
  7        2023476      1        5        113362       0.74   1        0        113362      113362.00   0.00        113362.00  
  8        2019833      1        7        112550       0.73   1        0        112550      112550.00   0.00        112550.00  
  9        2019832      1        4        91050        0.59   1        0        91050       91050.00    0.00        91050.00   
  10       2018005      1        6        79052        0.51   1        0        79052       79052.00    0.00        79052.00   
  11       2021418      1        9        57474        0.37   1        0        57474       57474.00    0.00        57474.00   
  12       2024771      1        1        470817       3.07   75       0        54735       6277.56     0.00        6277.56    
  13       2017259      1        12       50685        0.33   1        0        50685       50685.00    0.00        50685.00   
  14       2022221      1        3        423890       2.76   9        0        48878       47098.89    0.00        47098.89   
  15       2022627      1        12       48416        0.32   1        0        48416       48416.00    0.00        48416.00   
  16       2022535      1        11       45872        0.30   1        0        45872       45872.00    0.00        45872.00   
  17       2009471      1        9        82998        0.54   3        0        43562       27666.00    0.00        27666.00   
  18       2024099      1        2        87310        0.57   3        0        43491       29103.33    0.00        29103.33   
  19       2022901      1        2        42714        0.28   1        0        42714       42714.00    0.00        42714.00   
  20       2014911      1        10       88186        0.57   3        0        42213       29395.33    0.00        29395.33   
  21       2018457      1        1        42181        0.27   1        0        42181       42181.00    0.00        42181.00   
  22       2017261      1        3        40236        0.26   1        0        40236       40236.00    0.00        40236.00   
  23       2016537      1        2        658983       4.29   45       0        39317       14644.07    0.00        14644.07   
  24       2012619      1        7        61905        0.40   2        0        38883       30952.50    0.00        30952.50   
  25       2021413      1        2        38239        0.25   1        0        38239       38239.00    0.00        38239.00   
  26       2020181      1        8        36376        0.24   1        0        36376       36376.00    0.00        36376.00   
  27       2019094      1        5        45332        0.30   2        0        36075       22666.00    0.00        22666.00   
  28       2019608      1        4        36075        0.23   1        0        36075       36075.00    0.00        36075.00   
  29       2021701      1        1        109137       0.71   23       0        36044       4745.09     0.00        4745.09    
  30       2016706      1        20       35882        0.23   1        0        35882       35882.00    0.00        35882.00   
  31       2017695      1        4        35049        0.23   1        0        35049       35049.00    0.00        35049.00   
  32       2007863      1        9        77196        0.50   3        0        34652       25732.00    0.00        25732.00   
  33       2015877      1        6        34052        0.22   1        0        34052       34052.00    0.00        34052.00   
  34       2022552      1        2        487409       3.17   25       0        33972       19496.36    0.00        19496.36   
  35       2017967      1        3        33025        0.22   1        0        33025       33025.00    0.00        33025.00   
  36       2007913      1        7        60343        0.39   2        0        31211       30171.50    0.00        30171.50   
  37       2017656      1        5        60513        0.39   2        0        31179       30256.50    0.00        30256.50   
  38       2022694      1        2        61328        0.40   2        0        31161       30664.00    0.00        30664.00   
  39       2016379      1        5        60096        0.39   12       0        31054       5008.00     0.00        5008.00    
  40       2017552      1        6        675217       4.40   47       0        30586       14366.32    0.00        14366.32   
  41       2021038      1        4        29423        0.19   1        0        29423       29423.00    0.00        29423.00   
  42       2020295      1        6        57835        0.38   2        0        29102       28917.50    0.00        28917.50   
  43       2012312      1        7        58134        0.38   2        0        29069       29067.00    0.00        29067.00   
  44       2009127      1        7        65040        0.42   3        0        28915       21680.00    0.00        21680.00   
  45       2022480      1        2        28875        0.19   1        0        28875       28875.00    0.00        28875.00   
  46       2022073      1        2        28852        0.19   1        0        28852       28852.00    0.00        28852.00   
  47       2017948      1        2        37122        0.24   2        0        28458       18561.00    0.00        18561.00   
  48       2015504      1        4        55593        0.36   2        0        28236       27796.50    0.00        27796.50   
  49       2010140      1        7        510271       3.32   98       0        26800       5206.85     0.00        5206.85    
  50       2019230      1        2        47023        0.31   4        0        26698       11755.75    0.00        11755.75   
  51       2009702      1        5        106829       0.70   8        0        25818       13353.62    0.00        13353.62   
  52       2010515      1        6        84940        0.55   22       0        25462       3860.91     0.00        3860.91    
  53       2014097      1        3        25307        0.16   1        0        25307       25307.00    0.00        25307.00   
  54       2021637      1        2        40731        0.27   7        0        23578       5818.71     0.00        5818.71    
  55       2011283      1        4        44874        0.29   2        0        23296       22437.00    0.00        22437.00   
  56       2022502      1        4        44896        0.29   2        0        22703       22448.00    0.00        22448.00   
  57       2012707      1        5        43240        0.28   2        0        21830       21620.00    0.00        21620.00   
  58       2021160      1        2        21423        0.14   1        0        21423       21423.00    0.00        21423.00   
  59       2014701      1        12       93276        0.61   8        0        21347       11659.50    0.00        11659.50   
  60       2016809      1        5        21110        0.14   1        0        21110       21110.00    0.00        21110.00   
  61       2022543      1        1        66929        0.44   4        0        21002       16732.25    0.00        16732.25   
  62       2014967      1        3        20533        0.13   1        0        20533       20533.00    0.00        20533.00   
  63       2024606      1        2        20458        0.13   1        0        20458       20458.00    0.00        20458.00   
  64       2014380      1        4        37009        0.24   2        0        20268       18504.50    0.00        18504.50   
  65       2010883      1        5        34547        0.22   2        0        18902       17273.50    0.00        17273.50   
  66       2010142      1        4        281898       1.84   98       0        18110       2876.51     0.00        2876.51    
  67       2019011      1        3        44677        0.29   10       0        17747       4467.70     0.00        4467.70    
  68       2010799      1        5        34531        0.22   2        0        17328       17265.50    0.00        17265.50   
  69       2023624      1        3        197261       1.28   65       0        16787       3034.78     0.00        3034.78    
  70       2022531      1        1        16569        0.11   1        0        16569       16569.00    0.00        16569.00   
  71       2010143      1        3        288090       1.88   98       0        16017       2939.69     0.00        2939.69    
  72       2008120      1        4        280271       1.82   101      0        15998       2774.96     0.00        2774.96    
  73       2023627      1        3        175420       1.14   56       0        15831       3132.50     0.00        3132.50    
  74       2014702      1        9        68238        0.44   8        0        15287       8529.75     0.00        8529.75    
  75       2014703      1        9        70550        0.46   8        0        15266       8818.75     0.00        8818.75    
  76       2023622      1        3        240203       1.56   86       0        14921       2793.06     0.00        2793.06    
  77       2022545      1        1        14591        0.10   1        0        14591       14591.00    0.00        14591.00   
  78       2018789      1        3        4911         0.03   1        0        4911        4911.00     0.00        4911.00    
  79       2008116      1        4        36364        0.24   12       0        4240        3030.33     0.00        3030.33    
  80       2010513      1        5        66574        0.43   22       0        3968        3026.09     0.00        3026.09    
  81       2017134      1        5        20229        0.13   7        0        3915        2889.86     0.00        2889.86    
  82       2021584      1        4        3881         0.03   1        0        3881        3881.00     0.00        3881.00    
  83       2102190      1        5        12279        0.08   4        0        3818        3069.75     0.00        3069.75    
  84       2025200      1        1        26788        0.17   8        0        3783        3348.50     0.00        3348.50    
  85       2013926      1        8        3743         0.02   1        0        3743        3743.00     0.00        3743.00    
  86       2014472      1        7        50940        0.33   19       0        3696        2681.05     0.00        2681.05    
  87       2009243      1        2        41833        0.27   15       0        3693        2788.87     0.00        2788.87    
  88       2001330      1        8        12392        0.08   4        0        3682        3098.00     0.00        3098.00    
  89       2008420      1        4        7197         0.05   2        0        3662        3598.50     0.00        3598.50    
  90       2019016      1        3        28816        0.19   10       0        3627        2881.60     0.00        2881.60    
  91       2014704      1        7        3626         0.02   1        0        3626        3626.00     0.00        3626.00    
  92       2020205      1        4        3621         0.02   1        0        3621        3621.00     0.00        3621.00    
  93       2019017      1        3        12394        0.08   4        0        3611        3098.50     0.00        3098.50    
  94       2021585      1        3        6399         0.04   2        0        3566        3199.50     0.00        3199.50    
  95       2008118      1        3        41736        0.27   15       0        3548        2782.40     0.00        2782.40    
  96       2016540      1        3        52555        0.34   19       0        3533        2766.05     0.00        2766.05    
  97       2009387      1        4        3516         0.02   1        0        3516        3516.00     0.00        3516.00    
  98       2008119      1        3        9461         0.06   3        0        3514        3153.67     0.00        3153.67    
  99       2016401      1        3        27105        0.18   10       0        3486        2710.50     0.00        2710.50    
  100      2018558      1        5        3462         0.02   1        0        3462        3462.00     0.00        3462.00    
  101      2017935      1        3        6622         0.04   2        0        3454        3311.00     0.00        3311.00    
  102      2016948      1        2        68253        0.44   25       0        3429        2730.12     0.00        2730.12    
  103      2100540      1        12       22886        0.15   8        0        3423        2860.75     0.00        2860.75    
  104      2022547      1        1        11855        0.08   4        0        3411        2963.75     0.00        2963.75    
  105      2019010      1        3        12780        0.08   4        0        3409        3195.00     0.00        3195.00    
  106      2024777      1        2        6291         0.04   2        0        3405        3145.50     0.00        3145.50    
  107      2018768      1        2        16980        0.11   6        0        3398        2830.00     0.00        2830.00    
  108      2008117      1        3        46160        0.30   16       0        3343        2885.00     0.00        2885.00    
  109      2024513      1        5        6584         0.04   2        0        3332        3292.00     0.00        3292.00    
  110      2019403      1        1        6375         0.04   2        0        3306        3187.50     0.00        3187.50    
  111      2103158      1        6        11614        0.08   4        0        3299        2903.50     0.00        2903.50    
  112      2100540      1        12       22377        0.15   8        0        3297        2797.12     0.00        2797.12    
  113      2023621      1        4        11083        0.07   4        0        3291        2770.75     0.00        2770.75    
  114      2016181      1        2        3278         0.02   1        0        3278        3278.00     0.00        3278.00    
  115      2021702      1        1        62428        0.41   23       0        3266        2714.26     0.00        2714.26    
  116      2023612      1        4        30522        0.20   11       0        3260        2774.73     0.00        2774.73    
  117      2024650      1        1        3256         0.02   1        0        3256        3256.00     0.00        3256.00    
  118      2018234      1        2        50239        0.33   19       0        3251        2644.16     0.00        2644.16    
  119      2103159      1        4        5924         0.04   2        0        3249        2962.00     0.00        2962.00    
  120      2024602      1        2        11368        0.07   4        0        3223        2842.00     0.00        2842.00    
  121      2019019      1        3        3218         0.02   1        0        3218        3218.00     0.00        3218.00    
  122      2023625      1        3        143705       0.94   55       0        3210        2612.82     0.00        2612.82    
  123      2016400      1        3        26739        0.17   10       0        3205        2673.90     0.00        2673.90    
  124      2102523      1        8        9316         0.06   3        0        3141        3105.33     0.00        3105.33    
  125      2100518      1        8        3

This file has been truncated.


IDSDeathBlossom.py.log - (1179 bytes) - download
2019-03-26 16:00:04,129 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-26 16:00:04,871 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-26 16:00:04,871 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-03-26 16:00:04,871 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-26 16:00:04,871 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-26 16:00:04,872 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/dd4517551ee46094d4d7c344878a5e76d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03222019.1507-44c1463c-cda3-4a46-a14a-2cbcc42c12cc.pcap -vvv -k none
2019-03-26 16:00:13,123 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-26 16:00:13,123 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.00615715981


suricata-report-2019-03-26-T-16-00-13-03222019.1507-44c1463c-cda3-4a46-a14a-2cbcc42c12cc.pcap.txt - (18127 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/dd4517551ee46094d4d7c344878a5e76d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/03222019.1507-44c1463c-cda3-4a46-a14a-2cbcc42c12cc.pcap -vvv -k none
elapsedtime:8.249339
stderr:
stdout:
26/3/2019 -- 16:00:04 - <Info> - Configuration node 'rule-files' redefined.
26/3/2019 -- 16:00:04 - <Notice> - This is Suricata version 4.0.0 RELEASE
26/3/2019 -- 16:00:04 - <Info> - CPUs/cores online: 1
26/3/2019 -- 16:00:04 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32790 and 'request-body-inspect-window' set to 16746 after randomization.
26/3/2019 -- 16:00:04 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32506 and 'response-body-inspect-window' set to 15950 after randomization.
26/3/2019 -- 16:00:04 - <Config> - DNS request flood protection level: 500
26/3/2019 -- 16:00:04 - <Config> - DNS per flow memcap (state-memcap): 524288
26/3/2019 -- 16:00:04 - <Config> - DNS global memcap: 16777216
26/3/2019 -- 16:00:04 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
26/3/2019 -- 16:00:04 - <Config> - preallocated 1000 hosts of size 136
26/3/2019 -- 16:00:04 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
26/3/2019 -- 16:00:04 - <Config> - using magic-file /usr/share/file/magic
26/3/2019 -- 16:00:04 - <Config> - Core dump size is unlimited.
26/3/2019 -- 16:00:04 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
26/3/2019 -- 16:00:04 - <Config> - preallocated 1000 defrag trackers of size 168
26/3/2019 -- 16:00:04 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
26/3/2019 -- 16:00:04 - <Config> - stream "prealloc-sessions": 2048 (per thread)
26/3/2019 -- 16:00:04 - <Config> - stream "memcap": 33554432
26/3/2019 -- 16:00:04 - <Config> - stream "midstream" session pickups: disabled
26/3/2019 -- 16:00:04 - <Config> - stream "async-oneside": disabled
26/3/2019 -- 16:00:04 - <Config> - stream "checksum-validation": disabled
26/3/2019 -- 16:00:04 - <Config> - stream."inline": disabled
26/3/2019 -- 16:00:04 - <Config> - stream "bypass": disabled
26/3/2019 -- 16:00:04 - <Config> - stream "max-synack-queued": 5
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly "memcap": 134217728
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly "depth": 0
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly "toserver-chunk-size": 2481
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly "toclient-chunk-size": 2512
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly.raw: enabled
26/3/2019 -- 16:00:04 - <Config> - stream.reassembly "segment-prealloc": 2048
26/3/2019 -- 16:00:04 - <Config> - Delayed detect disabled
26/3/2019 -- 16:00:04 - <Config> - pattern matchers: MPM: ac, SPM: bm
26/3/2019 -- 16:00:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
26/3/2019 -- 16:00:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
26/3/2019 -- 16:00:04 - <Config> - prefilter engines: MPM
26/3/2019 -- 16:00:04 - <Config> - IP reputation disabled
26/3/2019 -- 16:00:04 - <Perf> - Registered 148 keyword profiling counters.
26/3/2019 -- 16:00:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
26/3/2019 -- 16:00:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
26/3/2019 -- 16:00:04 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
26/3/2019 -- 16:00:06 - <Config> - No rules loaded from ET-emerging-icmp.rules.
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
26/3/2019 -- 16:00:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
26/3/2019 -- 16:00:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
26/3/2019 -- 16:00:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
26/3/2019 -- 16:00:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
26/3/2019 -- 16:00:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
26/3/2019 -- 16:00:09 - <Config> - No rules loaded from local.rules.
26/3/2019 -- 16:00:09 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
26/3/2019 -- 16:00:09 - <Info> - Threshold config parsed: 0 rule(s) found
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tcp-packet
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tcp-stream
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for udp-packet
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for other-ip
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_uri
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_client_body
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_header
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_header_names
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_accept
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_accept_enc
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_accept_lang
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_referer
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_connection
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_content_len
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_content_type
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_protocol
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_start
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_raw_header
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_method
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_cookie
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_raw_uri
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_user_agent
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_host
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_raw_host
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_stat_msg
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_stat_code
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for dns_query
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tls_sni
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tls_cert_issuer
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tls_cert_subject
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for tls_cert_serial
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for dce_stub_data
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for ssh_protocol
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for ssh_software
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for file_data
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_request_line
26/3/2019 -- 16:00:09 - <Perf> - using shared mpm ctx' for http_response_line
26/3/2019 -- 16:00:09 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
26/3/2019 -- 16:00:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
26/3/2019 -- 16:00:09 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
26/3/2019 -- 16:00:09 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
26/3/2019 -- 16:00:09 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
26/3/2019 -- 16:00:09 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
26/3/2019 -- 16:00:09 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
26/3/2019 -- 16:00:09 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
26/3/2019 -- 16:00:10 - <Perf> - Unique rule groups: 111
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toserver TCP packet": 31
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toclient TCP packet": 20
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toserver TCP stream": 31
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toclient TCP stream": 21
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toserver UDP packet": 33
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "toclient UDP packet": 15
26/3/2019 -- 16:00:10 - <Perf> - Builtin MPM "other IP packet": 2
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_uri": 8
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_request_line": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_client_body": 6
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_response_line": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_header": 6
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_header": 3
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_header_names": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_accept": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_referer": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_content_len": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_content_type": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_content_type": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_start": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_method": 3
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver http_host": 2
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver tls_sni": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toserver file_data": 1
26/3/2019 -- 16:00:10 - <Perf> - AppLayer MPM "toclient file_data": 5
26/3/2019 -- 16:00:11 - <Perf> - Registered 18241 rule profiling counters.
26/3/2019 -- 16:00:11 - <Info> - fast output device (regular) initialized: alert
26/3/2019 -- 16:00:11 - <Info> - eve-log output device (regular) initialized: eve.json
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'alert'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'http'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'dns'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'tls'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'files'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'ssh'
26/3/2019 -- 16:00:11 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
26/3/2019 

This file has been truncated.
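The startup log above is what tells you whether the IDS run behind this report can be trusted: which rule files were loaded, which loaded nothing (ET-emerging-icmp.rules and local.rules here), how many rules failed to parse, whether any threshold or suppress entries were applied, and which eve-log modules will actually appear in eve.json. As an added example that is not part of this page or of Suricata itself, the Python below parses that log format and turns it into a rule-loading health summary. The sample lines are constructed to mirror the page's format (with a cut-off last line like the one above), and the finding texts, severity prefixes and field names are my own choices.

```python
"""Rule-loading health check for a Suricata 4.x startup log (added example, not Suricata code)."""
import re

# Constructed sample in the page's format; file counts are reduced so the summary line stays consistent.
SAMPLE_LOG = """\
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
26/3/2019 -- 16:00:06 - <Config> - No rules loaded from ET-emerging-icmp.rules.
26/3/2019 -- 16:00:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
26/3/2019 -- 16:00:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
26/3/2019 -- 16:00:09 - <Config> - No rules loaded from local.rules.
26/3/2019 -- 16:00:09 - <Info> - 4 rule files processed. 18236 rules successfully loaded, 0 rules failed
26/3/2019 -- 16:00:09 - <Info> - Threshold config parsed: 0 rule(s) found
26/3/2019 -- 16:00:09 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'alert'
26/3/2019 -- 16:00:11 - <Config> - enabling 'eve-log' module 'dns'
26/3/2019
"""

# One regex per line shape seen in the log; the timestamp/level wrapper is split off first.
LINE_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} -- \d\d:\d\d:\d\d) - <(?P<level>\w+)> - (?P<msg>.*)$")
LOAD_RE = re.compile(r"^Loading rule file: (?P<path>\S+)")
EMPTY_RE = re.compile(r"^No rules loaded from (?P<name>.+)\.$")
SUMMARY_RE = re.compile(r"^(?P<files>\d+) rule files processed\. (?P<loaded>\d+) rules successfully loaded, (?P<failed>\d+) rules failed")
THRESH_RE = re.compile(r"^Threshold config parsed: (?P<n>\d+) rule\(s\) found")
SIGS_RE = re.compile(r"^(?P<total>\d+) signatures processed\. (?P<ip_only>\d+) are IP-only rules, "
                     r"(?P<payload>\d+) are inspecting packet payload, (?P<app_layer>\d+) inspect application layer, "
                     r"(?P<decoder_only>\d+) are decoder event only")
EVE_RE = re.compile(r"^enabling 'eve-log' module '(?P<mod>[^']+)'")


def parse_startup_log(text):
    """Extract rule-loading and output facts from a Suricata startup log into a dict."""
    report = {
        "rule_files": [],    # paths from 'Loading rule file:' lines
        "empty_files": [],   # basenames from 'No rules loaded from' lines
        "summary": None,     # {'files', 'loaded', 'failed'}
        "thresholds": None,  # entries found in threshold.config
        "signatures": None,  # breakdown from the 'signatures processed' line
        "eve_modules": [],   # eve-log modules enabled, in log order
        "unparsed": 0,       # lines not in 'ts - <Level> - msg' shape, e.g. a truncated tail
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            report["unparsed"] += 1
            continue
        msg = m.group("msg")
        if (hit := LOAD_RE.match(msg)):
            report["rule_files"].append(hit.group("path"))
        elif (hit := EMPTY_RE.match(msg)):
            report["empty_files"].append(hit.group("name"))
        elif (hit := SUMMARY_RE.match(msg)):
            report["summary"] = {k: int(v) for k, v in hit.groupdict().items()}
        elif (hit := THRESH_RE.match(msg)):
            report["thresholds"] = int(hit.group("n"))
        elif (hit := SIGS_RE.match(msg)):
            report["signatures"] = {k: int(v) for k, v in hit.groupdict().items()}
        elif (hit := EVE_RE.match(msg)):
            report["eve_modules"].append(hit.group("mod"))
    return report


def health_findings(report):
    """Turn the parsed report into ERROR/WARN/INFO lines an analyst would want before trusting the alerts."""
    findings = []
    s = report["summary"]
    if s is None:
        return ["ERROR: no 'rules successfully loaded' summary; rule loading did not complete or the log is cut"]
    if s["failed"]:
        findings.append(f"ERROR: {s['failed']} rule(s) failed to parse and are not in effect")
    if s["files"] != len(report["rule_files"]):
        findings.append(f"WARN: summary counts {s['files']} rule files but {len(report['rule_files'])} "
                        "'Loading rule file' lines were seen (log truncated?)")
    for name in report["empty_files"]:
        findings.append(f"WARN: {name} loaded zero rules")
    if report["thresholds"] == 0:
        findings.append("INFO: no threshold/suppress entries parsed; every matching rule alerts at full rate")
    if "alert" not in report["eve_modules"]:
        findings.append("WARN: eve-log 'alert' module not enabled; alerts will not be in eve.json")
    sig = report["signatures"]
    if sig and sig["total"] != s["loaded"]:
        findings.append(f"INFO: {sig['total']} signatures processed vs {s['loaded']} rules loaded "
                        f"(delta {sig['total'] - s['loaded']})")
    if report["unparsed"]:
        findings.append(f"INFO: {report['unparsed']} line(s) did not parse (truncated or foreign output)")
    return findings


if __name__ == "__main__":
    rep = parse_startup_log(SAMPLE_LOG)
    print(f"{len(rep['rule_files'])} rule files, {rep['summary']['loaded']} rules loaded")
    for finding in health_findings(rep):
        print(finding)
```

Run it against the full suricata.log of a sensor (or the download linked from this page) instead of SAMPLE_LOG; the point of the "zero rules" and "threshold" findings is that an empty alert log is only meaningful once you know the rules you expected were really in effect.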