Filename: wrccdc.qualifiers.2019-02-16.113949000000000.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 19.5996658802 seconds
Hash: dd65444a5d8bc5dac8d7ea223fa3b33b
Uploaded: 1562764359

Logfiles


suricata-report-2019-07-10-T-13-12-58-07102019.1312-wrccdc.qualifiers.2019-02-16.113949000000000.pcap.txt - (18152 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/dd65444a5d8bc5dac8d7ea223fa3b33bd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/07102019.1312-wrccdc.qualifiers.2019-02-16.113949000000000.pcap -vvv -k none
elapsedtime:18.695408
stderr:
stdout:
10/7/2019 -- 13:12:39 - <Info> - Configuration node 'rule-files' redefined.
10/7/2019 -- 13:12:39 - <Notice> - This is Suricata version 4.0.0 RELEASE
10/7/2019 -- 13:12:39 - <Info> - CPUs/cores online: 1
10/7/2019 -- 13:12:39 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31571 and 'request-body-inspect-window' set to 16827 after randomization.
10/7/2019 -- 13:12:39 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32358 and 'response-body-inspect-window' set to 16142 after randomization.
10/7/2019 -- 13:12:39 - <Config> - DNS request flood protection level: 500
10/7/2019 -- 13:12:39 - <Config> - DNS per flow memcap (state-memcap): 524288
10/7/2019 -- 13:12:39 - <Config> - DNS global memcap: 16777216
10/7/2019 -- 13:12:39 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
10/7/2019 -- 13:12:39 - <Config> - preallocated 1000 hosts of size 136
10/7/2019 -- 13:12:39 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
10/7/2019 -- 13:12:39 - <Config> - using magic-file /usr/share/file/magic
10/7/2019 -- 13:12:39 - <Config> - Core dump size is unlimited.
10/7/2019 -- 13:12:39 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
10/7/2019 -- 13:12:39 - <Config> - preallocated 1000 defrag trackers of size 168
10/7/2019 -- 13:12:39 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
10/7/2019 -- 13:12:39 - <Config> - stream "prealloc-sessions": 2048 (per thread)
10/7/2019 -- 13:12:39 - <Config> - stream "memcap": 33554432
10/7/2019 -- 13:12:39 - <Config> - stream "midstream" session pickups: disabled
10/7/2019 -- 13:12:39 - <Config> - stream "async-oneside": disabled
10/7/2019 -- 13:12:39 - <Config> - stream "checksum-validation": disabled
10/7/2019 -- 13:12:39 - <Config> - stream."inline": disabled
10/7/2019 -- 13:12:39 - <Config> - stream "bypass": disabled
10/7/2019 -- 13:12:39 - <Config> - stream "max-synack-queued": 5
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly "memcap": 134217728
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly "depth": 0
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly "toserver-chunk-size": 2660
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly "toclient-chunk-size": 2543
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly.raw: enabled
10/7/2019 -- 13:12:39 - <Config> - stream.reassembly "segment-prealloc": 2048
10/7/2019 -- 13:12:39 - <Config> - Delayed detect disabled
10/7/2019 -- 13:12:39 - <Config> - pattern matchers: MPM: ac, SPM: bm
10/7/2019 -- 13:12:39 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
10/7/2019 -- 13:12:39 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
10/7/2019 -- 13:12:39 - <Config> - prefilter engines: MPM
10/7/2019 -- 13:12:39 - <Config> - IP reputation disabled
10/7/2019 -- 13:12:39 - <Perf> - Registered 148 keyword profiling counters.
10/7/2019 -- 13:12:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
10/7/2019 -- 13:12:39 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
10/7/2019 -- 13:12:40 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
10/7/2019 -- 13:12:41 - <Config> - No rules loaded from ET-emerging-icmp.rules.
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
10/7/2019 -- 13:12:41 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
10/7/2019 -- 13:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
10/7/2019 -- 13:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
10/7/2019 -- 13:12:42 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
10/7/2019 -- 13:12:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
10/7/2019 -- 13:12:44 - <Config> - No rules loaded from local.rules.
10/7/2019 -- 13:12:44 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
10/7/2019 -- 13:12:44 - <Info> - Threshold config parsed: 0 rule(s) found
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tcp-packet
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tcp-stream
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for udp-packet
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for other-ip
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_uri
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_request_line
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_client_body
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_response_line
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_header
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_header
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_header_names
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_header_names
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_accept
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_accept_enc
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_accept_lang
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_referer
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_connection
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_content_len
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_content_len
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_content_type
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_content_type
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_protocol
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_protocol
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_start
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_start
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_raw_header
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_raw_header
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_method
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_cookie
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_cookie
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_raw_uri
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_user_agent
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_host
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_raw_host
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_stat_msg
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_stat_code
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for dns_query
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tls_sni
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tls_cert_issuer
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tls_cert_subject
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for tls_cert_serial
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for dce_stub_data
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for dce_stub_data
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for ssh_protocol
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for ssh_protocol
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for ssh_software
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for ssh_software
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for file_data
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for file_data
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_request_line
10/7/2019 -- 13:12:44 - <Perf> - using shared mpm ctx' for http_response_line
10/7/2019 -- 13:12:44 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
10/7/2019 -- 13:12:44 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
10/7/2019 -- 13:12:44 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
10/7/2019 -- 13:12:44 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
10/7/2019 -- 13:12:44 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
10/7/2019 -- 13:12:44 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
10/7/2019 -- 13:12:44 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
10/7/2019 -- 13:12:44 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
10/7/2019 -- 13:12:45 - <Perf> - Unique rule groups: 111
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toserver TCP packet": 31
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toclient TCP packet": 20
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toserver TCP stream": 31
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toclient TCP stream": 21
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toserver UDP packet": 33
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "toclient UDP packet": 15
10/7/2019 -- 13:12:45 - <Perf> - Builtin MPM "other IP packet": 2
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_uri": 8
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_request_line": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_client_body": 6
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_response_line": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_header": 6
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_header": 3
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_header_names": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_accept": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_referer": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_content_len": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_content_type": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_content_type": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_start": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_method": 3
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_cookie": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_cookie": 2
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver http_host": 2
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver dns_query": 4
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver tls_sni": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toserver file_data": 1
10/7/2019 -- 13:12:45 - <Perf> - AppLayer MPM "toclient file_data": 5
10/7/2019 -- 13:12:46 - <Perf> - Registered 18241 rule profiling counters.
10/7/2019 -- 13:12:46 - <Info> - fast output device (regular) initialized: alert
10/7/2019 -- 13:12:46 - <Info> - eve-log output device (regular) initialized: eve.json
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'alert'
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'http'
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'dns'
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'tls'
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'files'
10/7/2019 -- 13:12:46 - <Config> - enabling 'eve-log' module 'ssh'
10/7/2019 -- 13:12:46 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
This file has been truncated.


packet_stats.log - (22322 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1          3136          5203583     7065230803    4925823464      15447.4b    2.09
 IPv4       2            68       4356764058     6655380894    5747838146        390.9b    0.05
 IPv4       6        140620          5107426     7072725432    5098400408     716937.1b   96.98
 IPv4      17          1212          5883012     7064385937    4923299277       5967.0b    0.81
 IPv6      17           108          5687775     7058032729    5156103644        556.9b    0.08
 IPv6      58             1         38646979       38646979      38646979         38.6m    0.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1          3136            70279        7199816         80307        251.8m    1.15
TMM_FLOWWORKER              IPv4       2            68            71137          99762         78918          5.4m    0.02
TMM_FLOWWORKER              IPv4       6        140620            65706       15483924        144110         20.3b   92.65
TMM_FLOWWORKER              IPv4      17          1212            97048       24002817        211646        256.5m    1.17
TMM_RECEIVEPCAPFILE         IPv4       1          3136             2534          32122          2677          8.4m    0.04
TMM_RECEIVEPCAPFILE         IPv4       2            68             2536           2960          2619        178.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6        140312             2531         140468          2845        399.3m    1.83
TMM_RECEIVEPCAPFILE         IPv4      17          1212             2538          26565          2711          3.3m    0.02
TMM_DECODEPCAPFILE          IPv4       1          3136             2634        4656336          8946         28.1m    0.13
TMM_DECODEPCAPFILE          IPv4       2            68             2660           4258          3131        213.0k    0.00
TMM_DECODEPCAPFILE          IPv4       6        140312             2645        5750761          4378        614.3m    2.81
TMM_DECODEPCAPFILE          IPv4      17          1212             2661        6371919         15909         19.3m    0.09
TMM_FLOWWORKER              IPv6      17           108           103397         338136        177445         19.2m    0.09
TMM_FLOWWORKER              IPv6      58             1           113418         113418        113418        113.4k    0.00
TMM_RECEIVEPCAPFILE         IPv6      17           108             2558          30174          2946        318.2k    0.00
TMM_RECEIVEPCAPFILE         IPv6      58             1             2788           2788          2788          2.8k    0.00
TMM_DECODEPCAPFILE          IPv6      17           108             2687          71211          3887        419.8k    0.00
TMM_DECODEPCAPFILE          IPv6      58             1             4449           4449          4449          4.4k    0.00

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6        140312             2657        6429710          3250        456.1m  2.46  
flow                    IPv4      17          1212             2816       23732601         23551         28.5m  0.15  
stream                  IPv4       6        140620             2560        8634281          5882        827.3m  4.46  
app-layer               IPv4      17          1212             2529          36103          7724          9.4m  0.05  
detect                  IPv4       1          3136            64787        7190707         74538        233.8m  1.26  
detect                  IPv4       2            68            65605          92998         73365          5.0m  0.03  
detect                  IPv4       6        140620            44209       15388361        116395         16.4b  88.15 
detect                  IPv4      17          1212            80096        5874101        166975        202.4m  1.09  
tcp-prune               IPv4       6        140620             2518        2003634          2982        419.4m  2.26  
flow                    IPv6      17           108             2831           7405          3366        363.6k  0.00  
flow                    IPv6      58             1             3732           3732          3732          3.7k  0.00  
app-layer               IPv6      17           108             2540          15216          3983        430.2k  0.00  
detect                  IPv6      17           108            86939         303652        159038         17.2m  0.09  
detect                  IPv6      58             1           101531         101531        101531        101.5k  0.00  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6           153             2921          85854         16574          2.5m  35.98 
http                    IPv4      17            60             3598          88201         21583          1.3m  18.37 
tls                     IPv4       6           325             2595          16662          3147          1.0m  14.52 
tls                     IPv4      17           237             2595         237729          6357          1.5m  21.38 
ssh                     IPv4      17             3             2777           3016          2882          8.6k  0.12  
smb                     IPv4       6             5             2893          19758          7483         37.4k  0.53  
smb                     IPv4      17             8             2888           2943          2936         23.5k  0.33  
smb2                    IPv4       6            12             2542           3203          2721         32.7k  0.46  
smb2                    IPv4      17            27             2532           2632          2554         69.0k  0.98  
dns                     IPv4      17            76             2749          19748          5865        445.8k  6.32  
http                    IPv6      17             4             4983          14577         12178         48.7k  0.69  
tls                     IPv6      17             7             2656           3027          2735         19.1k  0.27  
smb2                    IPv6      17             1             2555           2555          2555          2.6k  0.04  
Proto detect            IPv4       6            14             2741           5312          3621         50.7k
Proto detect            IPv4      17           827             2695          24457          3901          3.2m
Proto detect            IPv6      17            21             2730           8419          3350         70.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6            73            15426        2380201         66502          4.9m  3.19  
LOGGER_UNIFIED2             IPv4       6            73            19351         334815         63137          4.6m  3.03  
LOGGER_JSON_ALERT           IPv4       6            73            37950         133618         63651          4.6m  3.05  
LOGGER_JSON_SSH             IPv4       6            21            33929         145903         64713          1.4m  0.89  
LOGGER_JSON_DNS             IPv4      17            37            29331         152556         60295          2.2m  1.47  
LOGGER_JSON_HTTP            IPv4       6           723            34370        9774163         75996         54.9m  36.10 
LOGGER_JSON_TLS             IPv4       6           242             2632        8708736        101927         24.7m  16.21 
LOGGER_JSON_FILE            IPv4       6           701            41712         256262         78302         54.9m  36.06 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6         82030             2542        6818900         14068         1.2b  36.67 
payload                           IPv4      17          1212             2941          75020          8724        10.6m  0.34  
stream                            IPv4       6         82030             2516        5706451         11415       936.4m  29.76 
http_uri                          IPv4       6           701             2746         345052         15687        11.0m  0.35  
http_request_line                 IPv4       6           701             2898          54696          5085         3.6m  0.11  
http_client_body                  IPv4       6           700             2599          34645          3949         2.8m  0.09  
http_header (request)             IPv4       6           700             6308         138149         24600        17.2m  0.55  
http_header (request trailer)     IPv4       6           700             2573          29010          2850         2.0m  0.06  
http_header_names (request)       IPv4       6           700             3540          55371          8523         6.0m  0.19  
http_accept (request)             IPv4       6           700             2676          84420          3844         2.7m  0.09  
http_referer (request)            IPv4       6           700             2697          40100          3437         2.4m  0.08  
http_content_len (request)        IPv4       6           700             2718          61176          3420         2.4m  0.08  
http_content_type (request)       IPv4       6           700             2687          61488          3445         2.4m  0.08  
http_start (request)              IPv4       6           700             4817          74895          7863         5.5m  0.17  
http_raw_header (request)         IPv4       6           700             6568          71304          9912         6.9m  0.22  
http_method                       IPv4       6           701             2608          35826          3728         2.6m  0.08  
http_cookie (request)             IPv4       6           700             2697          24497          3463         2.4m  0.08  
http_raw_uri                      IPv4       6           701             2555          73913          4350         3.0m  0.10  
http_user_agent                   IPv4       6           700             2958          77291         11714         8.2m  0.26  
http_host                         IPv4       6           700             2694          37839          4764         3.3m  0.11  
dns_query                         IPv4      17            21             3211          29470         10404       218.5k  0.01  
tls_sni                           IPv4       6           324             2674          37372          5161         1.7m  0.05  
ssh_proto (request)               IPv4       6           126             2544          59856          3795       478.2k  0.02  
http_response_line                IPv4       6           719             2940          81561          5212         3.7m  0.12  
http_header (response)            IPv4       6           719             4739          91688         21329        15.3m  0.49  
http_header (response trailer)    IPv4       6           717             2568          38796          2980         2.1m  0.07  
http_content_type (response)      IPv4       6           719             2695          67135          4224         3.0m  0.10  
http_raw_header (response)        IPv4       6         73619             3009       11267538          5239       385.7m  12.26 
http_cookie (response)            IPv4       6           719             2726          40939          3849         2.8m  0.09  
http_stat_code                    IPv4       6           719             2658          41043          3476         2.5m  0.08  
tls_cert_issuer                   IPv4       6           242             2559          29953          5158         1.2m  0.04  
tls_cert_subject                  IPv4       6           242             2553          35702          7138         1.7m  0.05  
tls_cert_serial                   IPv4       6           242             2542          27146          4581         1.1m  0.04  
file_data (http response)         IPv4       6         73619             2551        6534203          7316       538.7m  17.12 
Total                             IPv4                329923                                          9535         3.1b
payload                           IPv6      17           108             2962          73182         11692         1.3m  0.04  
payload                           IPv6      58             1             4796           4796          4796         4.8k  0.00  
Total                             IPv6                   109                                         11629         1.3m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1          3136            17981         132308         20875         65.5m  0.35  
PROF_DETECT_IPONLY          IPv4       2            68            18636          41774         23630          1.6m  0.01  
PROF_DETECT_IPONLY          IPv4       6           906             3065          87265         18598         16.8m  0.09  
PROF_DETECT_IPONLY          IPv4      17           911             7063         103205         22603         20.6m  0.11  
PROF_DETECT_RULES           IPv4       1          3136             2525          64668          2673          8.4m  0.04  
PROF_DETECT_RULES           IPv4       2            68             2531          14960          2770        188.4k  0.00  
PROF_DETECT_RULES           IPv4       6        140620             2525       11021676         20484          2.9b  15.30 
PROF_DETECT_RULES           IPv4      17          1212             2538        5678330         66376         80.4m  0.43  
PROF_DETECT_STATEFUL_START    IPv4       6         12486             5112        9793773         32289        403.2m  2.14  
PROF_DETECT_STATEFUL_CONT    IPv4       1          3136             2505          61814          2725          8.5m  0.05  
PROF_DETECT_STATEFUL_CONT    IPv4       2            68             2514           3057          2639        179.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6        140620             2511       10598098          8496          1.2b  6.35  
PROF_DETECT_STATEFUL_CONT    IPv4      17          1212             2512          56585          2927          3.5m  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6        137349             2535        5603953          2797        384.2m  2.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            50             2573           3295          2812        140.6k  0.00  
PROF_DETECT_PREFILTER       IPv4       1          3136             7732        7128462         10709         33.6m  0.18  
PROF_DETECT_PREFILTER       IPv4       2            68             7847           9545          8151        554.3k  0.00  
PROF_DETECT_PREFILTER       IPv4       6        140620             7688       11326756     



stats.log - (8564 bytes)
------------------------------------------------------------------------------------
Date: 7/10/2019 -- 13:12:54 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 95552
decoder.bytes                              | Total                     | 106190942
decoder.invalid                            | Total                     | 3
decoder.ipv4                               | Total                     | 95370
decoder.ipv6                               | Total                     | 93
decoder.ethernet                           | Total                     | 95552
decoder.tcp                                | Total                     | 91843
decoder.udp                                | Total                     | 1071
decoder.icmpv4                             | Total                     | 2513
decoder.icmpv6                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 1111
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 343
flow.udp                                   | Total                     | 640
flow.icmpv6                                | Total                     | 1
decoder.ipv4.trunc_pkt                     | Total                     | 3
tcp.sessions                               | Total                     | 337
tcp.syn                                    | Total                     | 343
tcp.synack                                 | Total                     | 351
tcp.rst                                    | Total                     | 256
tcp.reassembly_gap                         | Total                     | 4
tcp.overlap                                | Total                     | 900
tcp.insert_list_fail                       | Total                     | 12
detect.alert                               | Total                     | 52
detect.mpm_list                            | Total                     | 2
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 2
app_layer.flow.http                        | Total                     | 97
app_layer.tx.http                          | Total                     | 604
app_layer.flow.tls                         | Total                     | 170
app_layer.flow.ssh                         | Total                     | 15
app_layer.flow.smb                         | Total                     | 3
app_layer.flow.failed_tcp                  | Total                     | 5
app_layer.flow.dns_udp                     | Total                     | 13
app_layer.tx.dns_udp                       | Total                     | 13
app_layer.flow.failed_udp                  | Total                     | 627
flow_mgr.closed_pruned                     | Total                     | 85
flow_mgr.new_pruned                        | Total                     | 553
flow_mgr.est_pruned                        | Total                     | 65
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 94
flow_mgr.flows_timeout                     | Total                     | 94
flow_mgr.flows_timeout_inuse               | Total                     | 94
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65443
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573456
tcp.reassembly_memuse                      | Total                     | 4173824
dns.memuse                                 | Total                     | 320
http.memuse                                | Total                     | 1840678
flow.memuse                                | Total                     | 7160128
------------------------------------------------------------------------------------
Date: 7/10/2019 -- 13:12:58 (uptime: 0d, 00h 00m 12s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 144951
decoder.bytes                              | Total                     | 167297301
decoder.invalid                            | Total                     | 3
decoder.ipv4                               | Total                     | 144731
decoder.ipv6                               | Total                     | 109
decoder.ethernet                           | Total                     | 144951
decoder.tcp                                | Total                     | 140312
decoder.udp                                | Total                     | 1320
decoder.icmpv4                             | Total                     | 3136
decoder.icmpv6                             | Total                     | 1
decoder.avg_pkt_size                       | Total                     | 1154
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 455
flow.udp                                   | Total                     | 835
flow.icmpv6                                | Total                     | 1
decoder.ipv4.trunc_pkt                     | Total                     | 3
tcp.sessions                               | Total                     | 445
tcp.syn                                    | Total                     | 483
tcp.synack                                 | Total                     | 491
tcp.rst                                    | Total                     | 368
tcp.reassembly_gap                         | Total                     | 9
tcp.overlap                                | Total                     | 1308
tcp.insert_list_fail                       | Total                     | 195
detect.alert                               | Total                     | 78
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 126
app_layer.tx.http                          | Total                     | 740
app_layer.flow.tls                         | Total                     | 242
app_layer.flow.ssh                         | Total                     | 21
app_layer.flow.smb                         | Total                     | 4
app_layer.flow.failed_tcp                  | Total                     | 8
app_layer.flow.dns_udp                     | Total                     | 21
app_layer.tx.dns_udp                       | Total                     | 24
app_layer.flow.failed_udp                  | Total                     | 814
flow_mgr.closed_pruned                     | Total                     | 189
flow_mgr.new_pruned                        | Total                     | 585
flow_mgr.est_pruned                        | Total                     | 68
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 30
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.flows_timeout                     | Total                     | 29
flow_mgr.flows_timeout_inuse               | Total                     | 29
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65506
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7139968


eve.json - (1058940 bytes)
{"timestamp":"2019-02-16T18:39:24.153389+0000","flow_id":370133182417442,"pcap_cnt":115,"event_type":"tls","src_ip":"10.47.101.2","src_port":16643,"dest_ip":"199.167.52.141","dest_port":443,"proto":"TCP","tls":{"subject":"OU=Domain Control Validated, CN=updates.paloaltonetworks.com","issuerdn":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2"}}
{"timestamp":"2019-02-16T18:39:26.446588+0000","flow_id":1277382746886268,"pcap_cnt":145,"event_type":"dns","src_ip":"10.128.98.29","src_port":49920,"dest_ip":"10.57.101.10","dest_port":53,"proto":"UDP","dns":{"type":"query","id":23979,"rrname":"scheduler.corp.ods.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-16T18:39:26.448867+0000","flow_id":1277382746886268,"pcap_cnt":146,"event_type":"dns","src_ip":"10.57.101.10","src_port":53,"dest_ip":"10.128.98.29","dest_port":49920,"proto":"UDP","dns":{"type":"answer","id":23979,"rcode":"NOERROR","rrname":"scheduler.corp.ods.com","rrtype":"A","ttl":3600,"rdata":"172.16.0.35"}}
{"timestamp":"2019-02-16T18:39:26.907301+0000","flow_id":1660199624381570,"pcap_cnt":177,"event_type":"http","src_ip":"10.128.98.29","src_port":54477,"dest_ip":"10.57.101.214","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"10.57.101.214","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:39:26.908543+0000","flow_id":1660199624381570,"pcap_cnt":181,"event_type":"fileinfo","src_ip":"10.57.101.214","src_port":80,"dest_ip":"10.128.98.29","dest_port":54477,"proto":"TCP","http":{"hostname":"10.57.101.214","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4573},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":4562,"tx_id":0}}
{"timestamp":"2019-02-16T18:39:26.942467+0000","flow_id":513999554634115,"pcap_cnt":182,"event_type":"alert","src_ip":"10.128.98.29","src_port":46465,"dest_ip":"10.57.101.211","dest_port":3306,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2010937,"rev":3,"signature":"ET SCAN Suspicious inbound to mySQL port 3306","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-02-16T18:39:26.974543+0000","flow_id":1697649591745828,"pcap_cnt":204,"event_type":"ssh","src_ip":"10.128.98.29","src_port":56151,"dest_ip":"10.57.101.45","dest_port":22,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"paramiko_1.16.0"},"server":{"proto_version":"2.0","software_version":"OpenSSH_6.7p1 Debian-5+deb8u7"}}}
{"timestamp":"2019-02-16T18:39:26.984253+0000","flow_id":454166365256131,"pcap_cnt":212,"event_type":"ssh","src_ip":"10.128.98.29","src_port":52878,"dest_ip":"10.57.101.211","dest_port":22,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"paramiko_1.16.0"},"server":{"proto_version":"2.0","software_version":"OpenSSH_5.3"}}}
{"timestamp":"2019-02-16T18:39:27.068338+0000","flow_id":2195187193270507,"pcap_cnt":226,"event_type":"http","src_ip":"10.128.98.29","src_port":39651,"dest_ip":"10.57.101.36","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"10.57.101.36","url":"\/dolibarr\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:39:27.070224+0000","flow_id":2195187193270507,"pcap_cnt":228,"event_type":"fileinfo","src_ip":"10.57.101.36","src_port":80,"dest_ip":"10.128.98.29","dest_port":39651,"proto":"TCP","http":{"hostname":"10.57.101.36","url":"\/dolibarr\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":6204},"app_proto":"http","fileinfo":{"filename":"\/dolibarr\/","gaps":false,"state":"CLOSED","stored":false,"size":6204,"tx_id":0}}
{"timestamp":"2019-02-16T18:39:27.089597+0000","flow_id":1222574669221130,"pcap_cnt":237,"event_type":"http","src_ip":"10.128.98.29","src_port":57971,"dest_ip":"10.57.101.37","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"10.57.101.37","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:39:27.090540+0000","flow_id":1222574669221130,"pcap_cnt":240,"event_type":"fileinfo","src_ip":"10.57.101.37","src_port":80,"dest_ip":"10.128.98.29","dest_port":57971,"proto":"TCP","http":{"hostname":"10.57.101.37","url":"\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5074},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":5074,"tx_id":0}}
{"timestamp":"2019-02-16T18:39:27.256013+0000","flow_id":803342911525994,"pcap_cnt":280,"event_type":"http","src_ip":"10.128.98.29","src_port":34028,"dest_ip":"10.57.101.35","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"10.57.101.35","url":"\/ui\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0"}}
{"timestamp":"2019-02-16T18:39:27.309566+0000","flow_id":803342911525994,"pcap_cnt":286,"event_type":"fileinfo","src_ip":"10.57.101.35","src_port":8080,"dest_ip":"10.128.98.29","dest_port":34028,"proto":"TCP","http":{"hostname":"10.57.101.35","url":"\/ui\/","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":15866},"app_proto":"http","fileinfo":{"filename":"\/ui\/","gaps":false,"state":"CLOSED","stored":false,"size":15832,"tx_id":0}}
{"timestamp":"2019-02-16T18:39:27.481705+0000","flow_id":61393753565703,"pcap_cnt":302,"event_type":"http","src_ip":"10.128.98.29","src_port":57596,"dest_ip":"10.57.101.63","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"10.57.101.63","url":"\/?p=17","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:39:27.482833+0000","flow_id":61393753565703,"pcap_cnt":305,"event_type":"fileinfo","src_ip":"10.57.101.63","src_port":80,"dest_ip":"10.128.98.29","dest_port":57596,"proto":"TCP","http":{"hostname":"10.57.101.63","url":"\/?p=17","http_user_agent":"Mozilla\/5.0 (Windows NT 5.1; rv:18.0) Gecko\/20100101 Firefox\/18.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":5574},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":5557,"tx_id":0}}
{"timestamp":"2019-02-16T18:39:29.107836+0000","flow_id":1180913486542455,"pcap_cnt":364,"event_type":"ssh","src_ip":"10.128.98.29","src_port":36566,"dest_ip":"10.57.101.63","dest_port":22,"proto":"TCP","ssh":{"client":{"proto_version":"2.0","software_version":"paramiko_1.16.0"},"server":{"proto_version":"2.0","software_version":"OpenSSH_6.8p1-hpn14v4"}}}
{"timestamp":"2019-02-16T18:39:40.800552+0000","flow_id":746949991758863,"pcap_cnt":476,"event_type":"alert","src_ip":"10.0.2.6","src_port":51910,"dest_ip":"10.57.101.69","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102383,"rev":21,"signature":"GPL NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2019-02-16T18:39:41.027561+0000","flow_id":746949991758863,"pcap_cnt":481,"event_type":"alert","src_ip":"10.0.2.6","src_port":51910,"dest_ip":"10.57.101.69","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102465,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2019-02-16T18:39:42.821298+0000","flow_id":746949991758863,"pcap_cnt":528,"event_type":"alert","src_ip":"10.0.2.6","src_port":51910,"dest_ip":"10.57.101.69","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102471,"rev":12,"signature":"GPL NETBIOS SMB-DS C$ share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2019-02-16T18:39:54.073932+0000","flow_id":677498224020744,"pcap_cnt":581,"event_type":"http","src_ip":"10.47.101.2","src_port":25037,"dest_ip":"184.150.157.177","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain"}}
{"timestamp":"2019-02-16T18:39:54.106640+0000","flow_id":677498224020744,"pcap_cnt":584,"event_type":"fileinfo","src_ip":"184.150.157.177","src_port":80,"dest_ip":"10.47.101.2","dest_port":25037,"proto":"TCP","http":{"hostname":"www.msftncsi.com","url":"\/ncsi.txt","http_user_agent":"Microsoft NCSI","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":14},"app_proto":"http","fileinfo":{"filename":"\/ncsi.txt","gaps":false,"state":"CLOSED","stored":false,"size":14,"tx_id":0}}
{"timestamp":"2019-02-16T18:40:00.476359+0000","flow_id":392121269896477,"pcap_cnt":672,"event_type":"tls","src_ip":"10.47.101.2","src_port":5147,"dest_ip":"54.67.11.78","dest_port":443,"proto":"TCP","tls":{"subject":"C=us, ST=lol, O=Internet Widgits Pty Ltd","issuerdn":"C=us, ST=lol, O=Internet Widgits Pty Ltd"}}
{"timestamp":"2019-02-16T18:40:00.568409+0000","flow_id":392121269896477,"pcap_cnt":683,"event_type":"alert","src_ip":"54.67.11.78","src_port":443,"dest_ip":"10.47.101.2","dest_port":5147,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2011540,"rev":6,"signature":"ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)","category":"Not Suspicious Traffic","severity":3},"app_proto":"tls"}
{"timestamp":"2019-02-16T18:40:15.878431+0000","flow_id":747381638180159,"pcap_cnt":962,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":0,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=MvAJQD4llKdCWSHZRkgiJ9prxlDIwLr01dWmMwGASQfhzi0VRuwv2NVIDAHeA-dFx61ccxDTy5pPNGJrEct27V24l2mpfQ5tz2lSWPMw5-Rg2sFUDcakWnPWeenq6NPWLsvIIqfbH60buCEfbUCq3q2wqMKzDXNYYVDyK2XyAOTyT3zAqtvXahguAJf1OZlBiqo_0tugS99QT4VvrB0CLC4PbOdudkikT7HbH8cN75So350Pnz_9N4BnHu5T8UV9OyGkwH24PWArFn5Uk3OAVRTyLcwi3oxzsF7Xu6qDOVUS7sHXx5MCwPvO0SKKpze4k2t53pP4LGMBr3KW1ISRBDdbCQHLbkNBu_FZPQEFOZLQZv9F4-ZJmfJbOavmJtYLeTbNTiykxYbAolxilo9IQjahdJ8VWPxtPN1Dd9M_0UYa99TtkbGyj83MVLt-WKaJUuNrtWCR46OuimZkD2ZVP6K73Px1b9IBfT604q3NjXxpDOAcYskrbO61bMcgFB71R9y3XhDgh-XPWz3LyXxvUoEj13oNasn1TfFOFmGHc4llJmEILI9CcCSkvEbNqcVmwzxSyI-Kyclnv__pb-E4gyL9qmc58QrJOPEuKnc80HhCN7ps2mVdMkmFeAcZ1q58gmcx5Nhfilwgz1wpEtyV22u6TQgDp5ON3P5aoH4hhj72AmmFUyoUV0zBWl8VatWe","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.256422+0000","flow_id":747381638180159,"pcap_cnt":966,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":1,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371258.73","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.271376+0000","flow_id":747381638180159,"pcap_cnt":967,"event_type":"fileinfo","src_ip":"3.88.128.203","src_port":8888,"dest_ip":"10.47.101.2","dest_port":26571,"proto":"TCP","http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371258.73","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":24},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":24,"tx_id":1}}
{"timestamp":"2019-02-16T18:40:16.494689+0000","flow_id":747381638180159,"pcap_cnt":968,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":2,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=qgO3fETDpO57Ra_E6gifBA9LNlm7Muq3oYEGvISxXMI=","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.512239+0000","flow_id":747381638180159,"pcap_cnt":970,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":3,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371258.92","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.572650+0000","flow_id":747381638180159,"pcap_cnt":972,"event_type":"fileinfo","src_ip":"3.88.128.203","src_port":8888,"dest_ip":"10.47.101.2","dest_port":26571,"proto":"TCP","http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371258.92","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":108},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":108,"tx_id":3}}
{"timestamp":"2019-02-16T18:40:16.787733+0000","flow_id":747381638180159,"pcap_cnt":976,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":4,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371259.39","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.818391+0000","flow_id":747381638180159,"pcap_cnt":978,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":5,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=cBv_raPpjadiYEhUTn3hpBZiDWgBjf6DrGligj6JY-AjnFcEjO-2wVY47jMt0Fr0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:16.878215+0000","flow_id":747381638180159,"pcap_cnt":979,"event_type":"fileinfo","src_ip":"3.88.128.203","src_port":8888,"dest_ip":"10.47.101.2","dest_port":26571,"proto":"TCP","http":{"hostname":"3.88.128.203","url":"\/index.php?d=cBv_raPpjadiYEhUTn3hpBZiDWgBjf6DrGligj6JY-AjnFcEjO-2wVY47jMt0Fr0","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1048},"app_proto":"http","fileinfo":{"filename":"\/index.php","gaps":false,"state":"CLOSED","stored":false,"size":1048,"tx_id":5}}
{"timestamp":"2019-02-16T18:40:17.096737+0000","flow_id":747381638180159,"pcap_cnt":984,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":6,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=poll&_=1550371259.67","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/41.0.2228.0 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-02-16T18:40:17.113423+0000","flow_id":747381638180159,"pcap_cnt":986,"event_type":"http","src_ip":"10.47.101.2","src_port":26571,"dest_ip":"3.88.128.203","dest_port":8888,"proto":"TCP","tx_id":7,"http":{"hostname":"3.88.128.203","url":"\/index.php?d=CvHjTbi9l5HOK-8M1yU-Dh_gOyEw-C1djAqOjfCc6atOHDrRoXCtCzKH25thPon7EFlqcJlBP766yPdJoAla7w==","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\



suricata-4.0.0-etopen-all-perf.txt-2019-07-10-T-13-12-58-07102019.1312-wrccdc.qualifiers.2019-02-16.113949000000000.pcap.txt - (95958 bytes)
  --------------------------------------------------------------------------
  Date: 7/10/2019 -- 13:12:58. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2020661      1        3        86376501     4.03   26487    0        10992685    3261.09     0.00        3261.09    
  2        2008575      1        5        366802577    17.10  68278    0        10587416    5372.19     0.00        5372.19    
  3        2016537      1        2        174685895    8.14   10829    2        10555999    16131.30    64708.50    16122.33   
  4        2023583      1        4        14578957     0.68   142      0        9693736     102668.71   0.00        102668.71  
  5        2103003      1        7        6199722      0.29   3        0        6158912     2066574.00  0.00        2066574.00 
  6        2017281      1        3        9506734      0.44   181      0        5867402     52523.39    0.00        52523.39   
  7        2103158      1        6        9073171      0.42   1179     0        5770891     7695.65     0.00        7695.65    
  8        2020181      1        8        11620297     0.54   152      0        5596385     76449.32    0.00        76449.32   
  9        2022199      1        2        6600073      0.31   154      0        2087585     42857.62    0.00        42857.62   
  10       2024778      1        1        78421155     3.66   27897    0        2016568     2811.10     0.00        2811.10    
  11       2022547      1        1        80997634     3.78   29078    0        1908627     2785.53     0.00        2785.53    
  12       2024139      1        2        4979889      0.23   95       0        1850965     52419.88    0.00        52419.88   
  13       2014442      1        6        8250150      0.38   152      0        1744292     54277.30    0.00        54277.30   
  14       2024777      1        2        20777781     0.97   6914     0        1706358     3005.18     0.00        3005.18    
  15       2017264      1        2        5675691      0.26   152      0        1485999     37340.07    0.00        37340.07   
  16       2023832      1        3        9070624      0.42   510      0        1380882     17785.54    0.00        17785.54   
  17       2008309      1        3        11487671     0.54   3788     0        1290683     3032.65     0.00        3032.65    
  18       2017073      1        3        821451       0.04   1        0        821451      821451.00   0.00        821451.00  
  19       2020865      1        3        18521690     0.86   95       0        589744      194965.16   0.00        194965.16  
  20       2017501      1        2        848580       0.04   3        0        552052      282860.00   0.00        282860.00  
  21       2017502      1        2        849296       0.04   3        0        544542      283098.67   0.00        283098.67  
  22       2017500      1        2        812474       0.04   3        0        522412      270824.67   0.00        270824.67  
  23       2020207      1        3        478556       0.02   1        0        478556      478556.00   0.00        478556.00  
  24       2017499      1        2        706718       0.03   3        0        436417      235572.67   0.00        235572.67  
  25       2025185      1        3        1255592      0.06   7        0        421247      179370.29   0.00        179370.29  
  26       2017552      1        6        165788844    7.73   11526    0        393727      14383.90    0.00        14383.90   
  27       2023484      1        2        810349       0.04   3        0        367814      270116.33   0.00        270116.33  
  28       2022221      1        3        441396       0.02   2        0        317370      220698.00   0.00        220698.00  
  29       2021749      1        6        21412185     1.00   119      0        308159      179934.33   0.00        179934.33  
  30       2020842      1        2        305203       0.01   1        0        305203      305203.00   0.00        305203.00  
  31       2018342      1        2        534425       0.02   3        0        299723      178141.67   0.00        178141.67  
  32       2022797      1        2        294359       0.01   1        0        294359      294359.00   0.00        294359.00  
  33       2016855      1        2        601838       0.03   8        0        250772      75229.75    0.00        75229.75   
  34       2023476      1        5        1616573      0.08   8        0        250447      202071.62   0.00        202071.62  
  35       2018005      1        6        12224538     0.57   205      0        248417      59631.89    0.00        59631.89   
  36       2021621      1        6        1238285      0.06   8        0        229233      154785.62   0.00        154785.62  
  37       2016854      1        3        547033       0.03   8        0        223250      68379.12    0.00        68379.12   
  38       2017072      1        3        370032       0.02   3        0        185961      123344.00   0.00        123344.00  
  39       2008303      1        3        7565339      0.35   2737     0        176807      2764.10     0.00        2764.10    
  40       2017748      1        6        1182368      0.06   97       0        172230      12189.36    0.00        12189.36   
  41       2014844      1        3        4452322      0.21   152      0        160055      29291.59    0.00        29291.59   
  42       2020972      1        2        159648       0.01   1        0        159648      159648.00   0.00        159648.00  
  43       2022021      1        2        3898766      0.18   54       0        158243      72199.37    0.00        72199.37   
  44       2020963      1        2        4892254      0.23   152      0        158191      32185.88    0.00        32185.88   
  45       2012969      1        2        151900       0.01   1        0        151900      151900.00   0.00        151900.00  
  46       2021816      1        2        3865991      0.18   54       0        148333      71592.43    0.00        71592.43   
  47       2024142      1        2        3374583      0.16   95       0        147985      35521.93    0.00        35521.93   
  48       2022058      1        3        3844517      0.18   54       0        145613      71194.76    0.00        71194.76   
  49       2012981      1        5        143657       0.01   1        0        143657      143657.00   0.00        143657.00  
  50       2024900      1        1        4771274      0.22   181      0        143553      26360.63    0.00        26360.63   
  51       2021529      1        3        1229814      0.06   10       0        141472      122981.40   0.00        122981.40  
  52       2022065      1        2        3857449      0.18   54       0        140702      71434.24    0.00        71434.24   
  53       2014819      1        3        379174       0.02   9        0        125407      42130.44    0.00        42130.44   
  54       2017456      1        3        4253638      0.20   152      0        124864      27984.46    0.00        27984.46   
  55       2024604      1        2        5314886      0.25   152      23       124254      34966.36    69007.04    28897.09   
  56       2020388      1        8        8337720      0.39   507      0        122756      16445.21    0.00        16445.21   
  57       2025064      1        5        16996819     0.79   507      0        121461      33524.30    0.00        33524.30   
  58       2021784      1        2        3723284      0.17   54       0        117440      68949.70    0.00        68949.70   
  59       2021903      1        2        3750552      0.17   54       0        116704      69454.67    0.00        69454.67   
  60       2008782      1        5        961925       0.04   22       0        115061      43723.86    0.00        43723.86   
  61       2021375      1        2        3751056      0.17   54       0        113725      69464.00    0.00        69464.00   
  62       2023547      1        3        113596       0.01   1        0        113596      113596.00   0.00        113596.00  
  63       2022901      1        2        4543010      0.21   152      0        112965      29888.22    0.00        29888.22   
  64       2021152      1        1        2241056      0.10   779      0        112596      2876.84     0.00        2876.84    
  65       2021688      1        2        3637025      0.17   54       0        109712      67352.31    0.00        67352.31   
  66       2016706      1        20       4593176      0.21   152      0        109248      30218.26    0.00        30218.26   
  67       2019607      1        2        107867       0.01   1        0        107867      107867.00   0.00        107867.00  
  68       2021895      1        2        3723313      0.17   54       0        107482      68950.24    0.00        68950.24   
  69       2008713      1        5        216633       0.01   3        0        102460      72211.00    0.00        72211.00   
  70       2022480      1        2        3252434      0.15   64       0        102398      50819.28    0.00        50819.28   
  71       2022627      1        12       598711       0.03   8        0        101645      74838.88    0.00        74838.88   
  72       2024771      1        1        30976502     1.44   5103     0        101316      6070.25     0.00        6070.25    
  73       2022212      1        3        3651206      0.17   54       0        99897       67614.93    0.00        67614.93   
  74       2021411      1        2        3660309      0.17   54       0        98932       67783.50    0.00        67783.50   
  75       2021546      1        2        3721568      0.17   54       0        97504       68917.93    0.00        68917.93   
  76       2023818      1        2        6800351      0.32   181      181      97342       37571.00    37571.00    0.00       
  77       2024135      1        2        3400635      0.16   95       0        97202       35796.16    0.00        35796.16   
  78       2017119      1        4        4562015      0.21   152      0        95973       30013.26    0.00        30013.26   
  79       2021732      1        2        3681486      0.17   54       0        95737       68175.67    0.00        68175.67   
  80       2021069      1        2        4609421      0.21   154      0        95717       29931.31    0.00        29931.31   
  81       2007880      1        7        3919750      0.18   191      0        94013       20522.25    0.00        20522.25   
  82       2001195      1        9        2155532      0.10   151      0        93315       14275.05    0.00        14275.05   
  83       2020496      1        2        8111640      0.38   338      0        93168       23998.93    0.00        23998.93   
  84       2011540      1        6        1503763      0.07   54       54       92944       27847.46    27847.46    0.00       
  85       2017261      1        3        4612724      0.22   152      0        92905       30346.87    0.00        30346.87   
  86       2008120      1        4        3089067      0.14   1043     0        92485       2961.71     0.00        2961.71    
  87       2017613      1        9        5936912      0.28   210      0        91721       28271.01    0.00        28271.01   
  88       2008702      1        6        216223       0.01   3        0        91129       72074.33    0.00        72074.33   
  89       2024134      1        2        3236579      0.15   95       0        91058       34069.25    0.00        34069.25   
  90       2018981      1        4        5498452      0.26   210      0        88980       26183.10    0.00        26183.10   
  91       2024136      1        2        3360806      0.16   95       0        88877       35376.91    0.00        35376.91   
  92       2020295      1        6        4798787      0.22   185      0        88510       25939.39    0.00        25939.39   
  93       2017935      1        3        4006995      0.19   1362     0        88439       2941.99     0.00        2941.99    
  94       2022535      1        11       598091       0.03   8        0        88394       74761.38    0.00        74761.38   
  95       2021718      1        4        4625772      0.22   152      0        88370       30432.71    0.00        30432.71   
  96       2008703      1        5        210188       0.01   3        0        88173       70062.67    0.00        70062.67   
  97       2003492      1        30       4307410      0.20   210      0        88127       20511.48    0.00        20511.48   
  98       2022609      1        2        6823579      0.32   208      0        87567       32805.67    0.00        32805.67   
  99       2020747      1        8        4887183      0.23   154      0        87175       31734.95    0.00        31734.95   
  100      2018359      1        3        5039382      0.23   142      0        86777       35488.61    0.00        35488.61   
  101      2013414      1        10       387784       0.02   14       0        85110       27698.86    0.00        27698.86   
  102      2020786      1        4        150011       0.01   4        0        84880       37502.75    0.00        37502.75   
  103      2012707      1        5        14625541     0.68   703      0        84486       20804.47    0.00        20804.47   
  104      2024769      1        2        84265        0.00   1        0        84265       84265.00    0.00        84265.00   
  105      2015877      1        6        4736391      0.22   152      0        84189       31160.47    0.00        31160.47   
  106      2024140      1        2        3212326      0.15   95       0        83817       33813.96    0.00        33813.96   
  107      2017731      1        3        1621914      0.08   80       0        83721       20273.92    0.00        20273.92   
  108      2024606      1        2        3613305      0.17   152      0        83673       23771.74    0.00        23771.74   
  109      2021977      1        6        7438415      0.35   2706     0        83577       2748.86     0.00        2748.86    
  110      2018283      1        5        12187133     0.57   4495     0        83491       2711.26     0.00        2711.26    
  111      2019094      1        5        4537128      0.21   152      0        83476       29849.53    0.00        29849.53   
  112      2018358      1        7        6884892      0.32   210      0        83065       32785.20    0.00        32785.20   
  113      2022502      1        4        11785185     0.55   507      0        82583       23244.94    0.00        23244.94   
  114      2014703      1        9        882041       0.04   135      0        81745       6533.64     0.00        6533.64    
  115      2001330      1        8        108113251    5.04   39616    0        81706       2729.03     0.00        2729.03    
  116      2021399      1        3        4356399      0.20   152      0        81476       28660.52    0.00        28660.52   
  117      2020605      1        5        81255        0.00   1        0        81255       81255.00    0.00        81255.00   
  118      2020962      1        3        4503516      0.21   152      0        80940       29628.39    0.00        29628.39   
  119      2020393      1        2        471179       0.02   6        0        80678       78529.83    0.00        78529.83   
  120      2024141      1        2        3207005      0.15   95       0        80058       33757.95    0.00        33757.95   
  121      2016759      1        1        5902263      0.28   215      0        79622       27452.39    0.00        27452.39   
  122      2018486      1        5        100870       0.00   3        0        79208       33623.33    0.00        33623.33   
  123      2018375      1        3        10764966     0.50   1011     0        79038       10647.84    0.00        10647.84   
  124      2008704      1        5        190488       0.01   3        0        78986       63496.00    0.00        63496.00   
  125      2017454      1        12       4

This file has been truncated.

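The rule_perf.log table above is the first thing to read when a ruleset runs slowly: a SID that burns a large share of ticks over thousands of checks and never matches is pure cost, and a SID whose worst check is orders of magnitude above its average is being dragged down by a handful of packets. The script below is an added example written for this page, not code from the report generator or from Suricata. It parses rows in that layout and applies both checks. The column order it assumes (Num, Rule, Gid, Rev, Ticks, %, Checks, Matches, Max Ticks, Avg Ticks, Avg Match, Avg No Match) is Suricata's rule_perf.log layout; the header itself is cut off in the listing above, so treat that mapping as an assumption. The sample rows are copied from the table above; the thresholds min_checks and factor are illustrative defaults.

```python
import re

# Sample input: eight rows copied from the rule_perf.log listing above. The header is cut off
# there, so the column order below is assumed to be Suricata's rule_perf.log layout.
SAMPLE_RULE_PERF = """\
  6        2017281      1        3        9506734      0.44   181      0        5867402     52523.39    0.00        52523.39
  10       2024778      1        1        78421155     3.66   27897    0        2016568     2811.10     0.00        2811.10
  18       2017073      1        3        821451       0.04   1        0        821451      821451.00   0.00        821451.00
  26       2017552      1        6        165788844    7.73   11526    0        393727      14383.90    0.00        14383.90
  55       2024604      1        2        5314886      0.25   152      23       124254      34966.36    69007.04    28897.09
  76       2023818      1        2        6800351      0.32   181      181      97342       37571.00    37571.00    0.00
  84       2011540      1        6        1503763      0.07   54       54       92944       27847.46    27847.46    0.00
  115      2001330      1        8        108113251    5.04   39616    0        81706       2729.03     0.00        2729.03
"""

COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Parse rule_perf.log data rows into dicts; header, separator and truncated lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        rows.append({name: (int(v) if name in INT_COLS else float(v))
                     for name, v in zip(COLUMNS, fields)})
    return rows


def dead_weight(rows, min_checks=100):
    """Rules checked at least min_checks times that never matched, costliest first.

    These are the first candidates for a fast_pattern review or for disabling on this network."""
    hits = [r for r in rows if r["matches"] == 0 and r["checks"] >= min_checks]
    return sorted(hits, key=lambda r: r["ticks"], reverse=True)


def spiky(rows, factor=50):
    """Rules whose single worst check cost more than factor times their average check.

    The rule is cheap most of the time; a few packets (often large payloads) dominate its cost."""
    hits = [r for r in rows if r["avg_ticks"] > 0 and r["max_ticks"] > factor * r["avg_ticks"]]
    return sorted(hits, key=lambda r: r["max_ticks"] / r["avg_ticks"], reverse=True)


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_RULE_PERF)
    print("zero-match rules by cost:")
    for r in dead_weight(rows):
        print(f"  sid {r['sid']}: {r['ticks']:>10} ticks ({r['pct']:.2f}%) over {r['checks']} checks")
    print("spiky rules (max/avg ticks):")
    for r in spiky(rows):
        print(f"  sid {r['sid']}: x{r['max_ticks'] / r['avg_ticks']:.0f}")
```

On the sample rows this reports SIDs 2017552, 2001330, 2024778 and 2017281 as zero-match cost (together 16.87% of all ticks in this run, from the % column) and SIDs 2024778 and 2017281 as spiky. Run it against the full downloaded rule_perf.log rather than the truncated listing before acting on the numbers.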

keyword_perf.log - (17061 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/10/2019 -- 13:12:58
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            221517          69              69              11091           3210.00         3210.00         0.00           
  dsize            35280           8               8               10327           4410.00         4410.00         0.00           
  flow             134706010       42394           42394           10540317        3177.00         3177.00         0.00           
  threshold        447413          84              10              57975           5326.00         5415.00         5314.00        
  content          335245093       47450           20388           10574601        7065.00         3938.00         9421.00        
  pcre             27312931        6777            630             91133           4030.00         4622.00         3969.00        
  byte_test        3471524         1117            310             42212           3107.00         3248.00         3053.00        
  byte_jump        1239722         390             60              11904           3178.00         3017.00         3208.00        
  isdataat         134133          47              2               3437            2853.00         2787.00         2856.00        
  flowbits         5854027         1732            364             40357           3379.00         3424.00         3367.00        
  urilen           17565211        5656            1348            1463108         3105.00         2891.00         3172.00        
  byte_extract     269728          72              72              16566           3746.00         3746.00         0.00           
  asn1             22692           2               1               13050           11346.00        13050.00        9642.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            221517          69              69              11091           3210.00         3210.00         0.00           
  dsize            35280           8               8               10327           4410.00         4410.00         0.00           
  flow             134706010       42394           42394           10540317        3177.00         3177.00         0.00           
  flowbits         4919420         1474            106             40357           3337.00         2943.00         3367.00        
  asn1             22692           2               1               13050           11346.00        13050.00        9642.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          224366004       22470           5522            10574601        9985.00         3803.00         11999.00       
  pcre             4614950         1287            120             71944           3585.00         3212.00         3624.00        
  byte_test        3464510         1115            310             42212           3107.00         3248.00         3052.00        
  byte_jump        1199526         376             46              11904           3190.00         3061.00         3208.00        
  isdataat         110790          39              2               3196            2840.00         2787.00         2843.00        
  byte_extract     269728          72              72              16566           3746.00         3746.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         934607          258             258             9983            3622.00         3622.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        447413          84              10              57975           5326.00         5415.00         5314.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21825453        6964            5296            54131           3134.00         3109.00         3212.00        
  pcre             17035343        4327            80              60703           3936.00         3721.00         3941.00        
  isdataat         23343           8               0               3437            2917.00         0.00            2917.00        
  urilen           17565211        5656            1348            1463108         3105.00         2891.00         3172.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_request_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14040           4               4               4389            3510.00         3510.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2130650         722             0               31321           2951.00         0.00            2951.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26974233        1172            190             425443          23015.00        60769.00        15710.00       
  pcre             562469          145             0               91133           3879.00         0.00            3879.00        
  byte_test        7014            2               0               4433            3507.00         0.00            3507.00        
  byte_jump        40196           14              14              3831            2871.00         2871.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30617329        8627            5356            2062696         3549.00         3400.00         3791.00        
  pcre             5068319         1012            428             74086           5008.00         5186.00         4877.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5353214         1659            694             35177           3226.00         3215.00         3234.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7146            2               0               3868            3573.00         0.00            3573.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7916            2               0               4233            3958.00         0.00            3958.00        
  pcre             9962            2               0               5328            4981.00         0.00            4981.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3778360         1257            374             70281           3005.00         3195.00         2925.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          19476785        4374            2758            5846235         4452.00         3240.00         6522.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25930           8               7               4131            3241.00         3332.00         2605.00        
  pcre             21888           4               2               7019            5472.00         4567.00         6376.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7527            2               0               3864            3763.00         0.00            3763.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          427380          133             133             4323            3213.00         3213.00         0.00           
  --------

This file has been truncated.

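The keyword_perf.log sections above break the same run down by rule keyword instead of by SID. Two columns matter for tuning: the share of ticks a keyword takes, and whether its failed checks cost more than its successful ones (in the "total" section, content averages 9421 ticks on a miss against 3938 on a match, because a failing content check typically scans the whole buffer before giving up). The script below is an added example written for this page, not code from the report generator or from Suricata. It parses the "Stats for" sections in the format shown above, ranks keywords by tick share, and lists the keywords whose misses are costlier than their matches. The sample text is the "total" and "http_uri" sections copied from the listing above with the separator lines omitted; the min_checks threshold is an illustrative default.

```python
import re

# Sample input: the "total" and "http_uri" sections of the keyword_perf.log listing above,
# copied as shown with the dashed separator lines left out.
SAMPLE_KEYWORD_PERF = """\
  Stats for: total
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  flags            221517          69              69              11091           3210.00         3210.00         0.00
  dsize            35280           8               8               10327           4410.00         4410.00         0.00
  flow             134706010       42394           42394           10540317        3177.00         3177.00         0.00
  threshold        447413          84              10              57975           5326.00         5415.00         5314.00
  content          335245093       47450           20388           10574601        7065.00         3938.00         9421.00
  pcre             27312931        6777            630             91133           4030.00         4622.00         3969.00
  byte_test        3471524         1117            310             42212           3107.00         3248.00         3053.00
  byte_jump        1239722         390             60              11904           3178.00         3017.00         3208.00
  isdataat         134133          47              2               3437            2853.00         2787.00         2856.00
  flowbits         5854027         1732            364             40357           3379.00         3424.00         3367.00
  urilen           17565211        5656            1348            1463108         3105.00         2891.00         3172.00
  byte_extract     269728          72              72              16566           3746.00         3746.00         0.00
  asn1             22692           2               1               13050           11346.00        13050.00        9642.00
  Stats for: http_uri
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  content          21825453        6964            5296            54131           3134.00         3109.00         3212.00
  pcre             17035343        4327            80              60703           3936.00         3721.00         3941.00
  isdataat         23343           8               0               3437            2917.00         0.00            2917.00
  urilen           17565211        5656            1348            1463108         3105.00         2891.00         3172.00
"""

SECTION_RE = re.compile(r"^\s*Stats for:\s+(\S+)\s*$")
ROW_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_keyword_perf(text):
    """Return {section_name: [row, ...]} in file order; header and separator lines are skipped."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            kw, ticks, checks, matches, max_ticks, avg, avg_match, avg_nomatch = m.groups()
            checks, matches = int(checks), int(matches)
            sections[current].append({
                "keyword": kw, "ticks": int(ticks), "checks": checks, "matches": matches,
                "max_ticks": int(max_ticks), "avg": float(avg),
                "avg_match": float(avg_match), "avg_nomatch": float(avg_nomatch),
                # Fraction of checks that failed; high values on pcre mean it lacks a content guard.
                "miss_rate": (1 - matches / checks) if checks else 0.0,
            })
    return sections


def rank_keywords(rows):
    """Rows sorted by ticks, each with its share of the section's total ticks."""
    total = sum(r["ticks"] for r in rows) or 1
    return [dict(r, share=r["ticks"] / total)
            for r in sorted(rows, key=lambda r: r["ticks"], reverse=True)]


def costly_misses(rows, min_checks=100):
    """Keywords seen at least min_checks times whose average miss costs more than an average match."""
    hits = [r for r in rows if r["checks"] >= min_checks and r["avg_nomatch"] > r["avg_match"]]
    return sorted(hits, key=lambda r: r["ticks"], reverse=True)


if __name__ == "__main__":
    for name, rows in parse_keyword_perf(SAMPLE_KEYWORD_PERF).items():
        print(f"[{name}]")
        for r in rank_keywords(rows)[:3]:
            print(f"  {r['keyword']:<13} {r['share']:6.1%} of ticks, miss rate {r['miss_rate']:.0%}")
        print("  costlier on miss than on match:", [r["keyword"] for r in costly_misses(rows)])
```

On the "total" section this puts content at roughly 64% of all keyword ticks and flags content, urilen and byte_jump as costlier on a miss than on a match; pcre is not flagged, but its 91% miss rate says most pcre checks are reached without an effective content prefilter.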

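The alert file that follows is Suricata's fast.log format: one line per alert with timestamp, gid:sid:rev, message, classification, priority, protocol and the source and destination socket pairs. Read line by line it is noisy; read per host pair, with both directions folded together, it turns into a timeline. The script below is an added example written for this page, not code from the report generator or from Suricata. It parses lines in that format, groups them by unordered host pair so a probe and the reply it provoked share one conversation, and ranks the conversations for triage (best priority first, then alert count), marking those that have alerts in both directions plus a priority-1 hit. The sample input is the 17 lines copied from the listing below; the regex assumes IPv4 addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the 17 fast.log lines shown in the alert listing that follows, copied as shown.
SAMPLE_FAST_LOG = """\
02/16/2019-18:39:26.942467  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.98.29:46465 -> 10.57.101.211:3306
02/16/2019-18:39:40.800552  [**] [1:2102383:21] GPL NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:39:41.027561  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:39:42.821298  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:40:00.568409  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:5147
02/16/2019-18:40:32.246609  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:20374
02/16/2019-18:40:36.289470  [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 10.57.101.69:445 -> 10.0.2.6:51913
02/16/2019-18:41:02.863842  [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 10.57.101.69:445 -> 10.0.2.6:51917
02/16/2019-18:41:04.609567  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:30128
02/16/2019-18:41:35.103084  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:60031
02/16/2019-18:41:54.717198  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.47.101.2:6874 -> 54.67.11.78:80
02/16/2019-18:41:54.813639  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:41:54.813639  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:41:54.813639  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:42:06.650337  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:44925
02/16/2019-18:42:39.181211  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50272
02/16/2019-18:43:11.380642  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50946
"""

# fast.log line layout. IPv4 is assumed: the lazy host match stops at the first colon.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+?):(?P<sport>\d+)\s+->\s+(?P<dst>\S+?):(?P<dport>\d+)$"
)


def parse_fast_log(text):
    """Parse fast.log lines into dicts; lines that do not fit the format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        alerts.append({
            "ts": datetime.strptime(d["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
            "gid": int(d["gid"]), "sid": int(d["sid"]), "rev": int(d["rev"]), "msg": d["msg"],
            "classification": d["cls"] or "", "priority": int(d["prio"]), "proto": d["proto"],
            "src": d["src"], "sport": int(d["sport"]), "dst": d["dst"], "dport": int(d["dport"]),
        })
    return alerts


def conversations(alerts):
    """Group alerts by unordered host pair so both directions land on one time-ordered list."""
    groups = defaultdict(list)
    for a in alerts:
        groups[tuple(sorted((a["src"], a["dst"])))].append(a)
    return {pair: sorted(events, key=lambda a: a["ts"]) for pair, events in groups.items()}


def summarize(alerts):
    """One triage row per host pair, most urgent first (lowest priority number, then most alerts)."""
    rows = []
    for pair, events in conversations(alerts).items():
        directions = {(a["src"], a["dst"]) for a in events}
        best = min(a["priority"] for a in events)
        rows.append({
            "pair": pair, "count": len(events), "best_priority": best,
            "sids": sorted({a["sid"] for a in events}),
            "bidirectional": len(directions) > 1,
            "span_seconds": (events[-1]["ts"] - events[0]["ts"]).total_seconds(),
            # Traffic alerted in both directions and a priority-1 hit: the peer answered, not just a probe.
            "two_way_and_critical": len(directions) > 1 and best == 1,
        })
    return sorted(rows, key=lambda r: (r["best_priority"], -r["count"]))


if __name__ == "__main__":
    for r in summarize(parse_fast_log(SAMPLE_FAST_LOG)):
        flag = "  <- review first" if r["two_way_and_critical"] else ""
        print(f"{r['pair'][0]:>13} <-> {r['pair'][1]:<13} prio={r['best_priority']} "
              f"alerts={r['count']:>2} span={r['span_seconds']:.0f}s sids={r['sids']}{flag}")
```

On the sample lines the SMB session setup, IPC$ and C$ share access from 10.0.2.6 to 10.57.101.69 and the two cmd.exe banners coming back from port 445 collapse into a single conversation flagged for review, as does the 10.47.101.2 to 54.67.11.78 pair where the executable download alerts sit between the OpenSSL demo-CA TLS alerts; the lone MySQL probe from 10.128.98.29 stays a one-line, one-direction entry.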
suricata-4.0.0-etopen-all-alert-2019-07-10-T-13-12-58-07102019.1312-wrccdc.qualifiers.2019-02-16.113949000000000.pcap.txt - (15879 bytes) - download
02/16/2019-18:39:26.942467  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.98.29:46465 -> 10.57.101.211:3306
02/16/2019-18:39:40.800552  [**] [1:2102383:21] GPL NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:39:41.027561  [**] [1:2102465:9] GPL NETBIOS SMB-DS IPC$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:39:42.821298  [**] [1:2102471:12] GPL NETBIOS SMB-DS C$ share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.0.2.6:51910 -> 10.57.101.69:445
02/16/2019-18:40:00.568409  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:5147
02/16/2019-18:40:32.246609  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:20374
02/16/2019-18:40:36.289470  [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 10.57.101.69:445 -> 10.0.2.6:51913
02/16/2019-18:41:02.863842  [**] [1:2102123:7] GPL EXPLOIT Microsoft cmd.exe banner [**] [Classification: Successful Administrator Privilege Gain] [Priority: 1] {TCP} 10.57.101.69:445 -> 10.0.2.6:51917
02/16/2019-18:41:04.609567  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:30128
02/16/2019-18:41:35.103084  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:60031
02/16/2019-18:41:54.717198  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.47.101.2:6874 -> 54.67.11.78:80
02/16/2019-18:41:54.813639  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:41:54.813639  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:41:54.813639  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:6874
02/16/2019-18:42:06.650337  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:44925
02/16/2019-18:42:39.181211  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50272
02/16/2019-18:43:11.380642  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50946
02/16/2019-18:43:43.986658  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:19628
02/16/2019-18:44:10.883018  [**] [1:2017025:3] ET ATTACK_RESPONSE Net User Command Response [**] [Classification: Successful User Privilege Gain] [Priority: 1] {TCP} 10.57.101.69:445 -> 10.0.2.6:51917
02/16/2019-18:44:13.267885  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:45738
02/16/2019-18:44:43.345370  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:20053
02/16/2019-18:44:53.046580  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.120.227:58806 -> 10.57.101.211:3306
02/16/2019-18:45:15.897429  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:38119
02/16/2019-18:45:45.970384  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50630
02/16/2019-18:46:18.607711  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:51462
02/16/2019-18:46:48.974042  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:9513
02/16/2019-18:47:21.124101  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:37686
02/16/2019-18:47:52.646731  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:57721
02/16/2019-18:48:07.305623  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.118.254:57475 -> 10.57.101.211:3306
02/16/2019-18:48:23.653060  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:51544
02/16/2019-18:48:55.580860  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:35520
02/16/2019-18:49:27.495601  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:55473
02/16/2019-18:49:59.337264  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:59034
02/16/2019-18:50:31.073128  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:49137
02/16/2019-18:51:03.046240  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50300
02/16/2019-18:51:30.332577  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.193.35:43695 -> 10.57.101.211:3306
02/16/2019-18:51:33.357906  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:27125
02/16/2019-18:52:05.988249  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:24150
02/16/2019-18:52:38.830321  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:23746
02/16/2019-18:53:10.103530  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:53294
02/16/2019-18:53:41.116622  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:26721
02/16/2019-18:54:10.954927  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:9103
02/16/2019-18:54:42.576982  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:48912
02/16/2019-18:55:14.054229  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:33998
02/16/2019-18:55:30.756615  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.74.210:34448 -> 10.57.101.211:3306
02/16/2019-18:55:45.863066  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:10845
02/16/2019-18:56:17.383836  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:48894
02/16/2019-18:56:50.242770  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:50342
02/16/2019-18:57:21.670016  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:26204
02/16/2019-18:57:52.838060  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:2518
02/16/2019-18:58:25.712029  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:39231
02/16/2019-18:58:58.635651  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:34697
02/16/2019-18:59:28.884166  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:30138
02/16/2019-18:59:58.874846  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:25751
02/16/2019-19:00:24.258771  [**] [1:2016141:5] ET INFO Executable Download from dotted-quad Host [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.47.101.2:22828 -> 54.67.11.78:80
02/16/2019-19:00:24.542367  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 54.67.11.78:80 -> 10.47.101.2:22828
02/16/2019-19:00:24.542367  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:22828
02/16/2019-19:00:24.542367  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 54.67.11.78:80 -> 10.47.101.2:22828
02/16/2019-19:00:30.007879  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:32749
02/16/2019-19:00:31.958576  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.30.154:45516 -> 10.57.101.211:3306
02/16/2019-19:01:00.289553  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:27290
02/16/2019-19:01:32.460730  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:36462
02/16/2019-19:01:35.751914  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:29968
02/16/2019-19:02:04.150914  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:33973
02/16/2019-19:02:08.487933  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:29539
02/16/2019-19:02:34.493127  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:28761
02/16/2019-19:02:40.680476  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:47143
02/16/2019-19:03:05.968778  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:56115
02/16/2019-19:03:10.806079  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:23578
02/16/2019-19:03:36.238094  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:1847
02/16/2019-19:03:42.900561  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:52615
02/16/2019-19:04:06.102036  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.217.216:41557 -> 10.57.101.211:3306
02/16/2019-19:04:07.769752  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:25508
02/16/2019-19:04:14.129573  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:43544
02/16/2019-19:04:38.022636  [**] [1:2011540:6] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [**] [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.67.11.78:443 -> 10.47.101.2:19725
02/16/2019-19:04:06.102036  [**] [1:2010937:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.128.217.216:41557 -> 10.57.101.211:3306
02/16/2019-19:04:06.326027  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.128.217.216:45960 -> 10.57.101.63:22
02/16/2019-19:04:06.326027  [**] [1:2003068:7] ET SCAN Potential SSH Scan OUTBOUND [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.128.217.216:45960 -> 10.57.101.63:22


unified2.alert.1562764366 - (227990 bytes) - download


IDSDeathBlossom.py.log - (1187 bytes) - download
2019-07-10 13:12:39,214 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-10 13:12:39,931 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-10 13:12:39,931 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-07-10 13:12:39,931 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-10 13:12:39,931 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-10 13:12:39,932 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/dd65444a5d8bc5dac8d7ea223fa3b33bd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/07102019.1312-wrccdc.qualifiers.2019-02-16.113949000000000.pcap -vvv -k none
2019-07-10 13:12:58,629 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-10 13:12:58,629 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 19.4219219685