Filename: 28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 21.0787689686 seconds
Hash: e5d85cf4461f4616a82302f953928380
Uploaded: 1553350166 (Unix epoch; 2019-03-23 14:09:26 UTC)

Logfiles


packet_stats.log - (18440 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             8         34183908       37353619      35885894        287.1m    6.97
 IPv4       6            23          4574374       53572700      39571003        910.1m   22.10
 IPv4      17            62          3705393       52851333      20765520          1.3b   31.26
 IPv6      17            36          5398765       50993950      34734087          1.3b   30.36
 IPv6      58             9         39431270       46451026      42545956        382.9m    9.30
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             8           102869         944874        321952          2.6m    4.22
TMM_FLOWWORKER              IPv4       6            23            82044        5197334        630346         14.5m   23.76
TMM_FLOWWORKER              IPv4      17            62           118623        8552102        372156         23.1m   37.81
TMM_RECEIVEPCAPFILE         IPv4       1             8             2562           2827          2662         21.3k    0.03
TMM_RECEIVEPCAPFILE         IPv4       6            21             2554           4461          2932         61.6k    0.10
TMM_RECEIVEPCAPFILE         IPv4      17            62             2558           8394          2905        180.1k    0.30
TMM_DECODEPCAPFILE          IPv4       1             8             2630           7136          3330         26.6k    0.04
TMM_DECODEPCAPFILE          IPv4       6            21             2667          13957          3650         76.7k    0.13
TMM_DECODEPCAPFILE          IPv4      17            62             2688          26818          3182        197.3k    0.32
TMM_FLOWWORKER              IPv6      17            36           108629       10343865        506293         18.2m   29.87
TMM_FLOWWORKER              IPv6      58             9            66459         454825        201938          1.8m    2.98
TMM_RECEIVEPCAPFILE         IPv6      17            36             2547           3553          2806        101.1k    0.17
TMM_RECEIVEPCAPFILE         IPv6      58             9             2560           2831          2704         24.3k    0.04
TMM_DECODEPCAPFILE          IPv6      17            36             2676          13512          3091        111.3k    0.18
TMM_DECODEPCAPFILE          IPv6      58             9             2714           5290          3137         28.2k    0.05

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6            21             2879           4139          3271         68.7k  0.12  
flow                    IPv4      17            62             2656          26755          4105        254.5k  0.44  
stream                  IPv4       6            23             3038         353946         38479        885.0k  1.53  
app-layer               IPv4      17            62             2533          43191          4702        291.5k  0.51  
detect                  IPv4       1             8            97279         937875        315836          2.5m  4.38  
detect                  IPv4       6            23            57642        5018264        554914         12.8m  22.12 
detect                  IPv4      17            62           102194        8530349        343328         21.3m  36.88 
tcp-prune               IPv4       6            23             2571          10092          3296         75.8k  0.13  
flow                    IPv6      17            36             2829         620936         21364        769.1k  1.33  
flow                    IPv6      58             9             2866           4957          3370         30.3k  0.05  
app-layer               IPv6      17            36             2533          12753          5111        184.0k  0.32  
detect                  IPv6      17            36            91905       10309664        468521         16.9m  29.23 
detect                  IPv6      58             9            55110         442909        189823          1.7m  2.96  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %% 
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             2             6323          38339         22331         44.7k  65.04 
dns                     IPv4      17             2             6610          17398         12004         24.0k  34.96 
Proto detect            IPv4       6             1            11479          11479         11479         11.5k
Proto detect            IPv4      17             9             2717          29785          9623         86.6k
Proto detect            IPv6      17            13             2933           6457          3687         47.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_JSON_DNS             IPv4      17             2            49615         463543        256579        513.2k  58.88 
LOGGER_JSON_HTTP            IPv4       6             2            54638          96784         75711        151.4k  17.37 
LOGGER_JSON_FILE            IPv4       6             2            64337         142664        103500        207.0k  23.75 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             8             3120          12817          5139        41.1k  0.36  
payload                           IPv4       6            10             3019         159782         54846       548.5k  4.84  
payload                           IPv4      17            62             3185        8395348        143797         8.9m  78.67 
stream                            IPv4       6            10             2556         287843         61064       610.6k  5.39  
http_uri                          IPv4       6             2             9357          11950         10653        21.3k  0.19  
http_request_line                 IPv4       6             2             6830           9025          7927        15.9k  0.14  
http_client_body                  IPv4       6             2           171796         179818        175807       351.6k  3.10  
http_header (request)             IPv4       6             2            54800          69754         62277       124.6k  1.10  
http_header (request trailer)     IPv4       6             2             2640           2846          2743         5.5k  0.05  
http_header_names (request)       IPv4       6             2            17955          23752         20853        41.7k  0.37  
http_accept (request)             IPv4       6             2             4037           4141          4089         8.2k  0.07  
http_referer (request)            IPv4       6             2             3120           3238          3179         6.4k  0.06  
http_content_len (request)        IPv4       6             2             4642          17076         10859        21.7k  0.19  
http_content_type (request)       IPv4       6             2            10103          12338         11220        22.4k  0.20  
http_protocol (request)           IPv4       6             2             7108           8259          7683        15.4k  0.14  
http_start (request)              IPv4       6             2            11133          13299         12216        24.4k  0.22  
http_raw_header (request)         IPv4       6             2            12960          19580         16270        32.5k  0.29  
http_method                       IPv4       6             2             5353           6643          5998        12.0k  0.11  
http_cookie (request)             IPv4       6             2             3205           3710          3457         6.9k  0.06  
http_raw_uri                      IPv4       6             2             5751           6204          5977        12.0k  0.11  
http_user_agent                   IPv4       6             2            10957          13341         12149        24.3k  0.21  
http_host                         IPv4       6             2             8994          11119         10056        20.1k  0.18  
dns_query                         IPv4      17             1            13597          13597         13597        13.6k  0.12  
http_response_line                IPv4       6             1             6434           6434          6434         6.4k  0.06  
http_header (response)            IPv4       6             1            42854          42854         42854        42.9k  0.38  
http_header (response trailer)    IPv4       6             1             2829           2829          2829         2.8k  0.02  
http_content_type (response)      IPv4       6             1            61116          61116         61116        61.1k  0.54  
http_raw_header (response)        IPv4       6             1            10315          10315         10315        10.3k  0.09  
http_cookie (response)            IPv4       6             1             3619           3619          3619         3.6k  0.03  
http_stat_code                    IPv4       6             1             6557           6557          6557         6.6k  0.06  
Total                             IPv4                   134                                         82311        11.0m
payload                           IPv6      17            36             3386          28895          7405       266.6k  2.35  
payload                           IPv6      58             9             2925           7127          4062        36.6k  0.32  
Total                             IPv6                    45                                          6736       303.1k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       1             8             4999         828652        126739          1.0m  1.49  
PROF_DETECT_IPONLY          IPv4       6             4            12857          82325         48818        195.3k  0.29  
PROF_DETECT_IPONLY          IPv4      17             9            37626         157389         66129        595.2k  0.87  
PROF_DETECT_RULES           IPv4       1             8            13891          46189         27127        217.0k  0.32  
PROF_DETECT_RULES           IPv4       6            23             2653        4167158        386510          8.9m  13.04 
PROF_DETECT_RULES           IPv4      17            62            44524         632378        124716          7.7m  11.34 
PROF_DETECT_STATEFUL_START    IPv4       6             4             5259        1711455        905606          3.6m  5.31  
PROF_DETECT_STATEFUL_CONT    IPv4       1             8             2524           2813          2624         21.0k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       6            23             2522           7813          4574        105.2k  0.15  
PROF_DETECT_STATEFUL_CONT    IPv4      17            62             2521         101087          4432        274.8k  0.40  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            11             2579           3127          2751         30.3k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2795           3456          3125          6.3k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             8            23873          43555         28846        230.8k  0.34  
PROF_DETECT_PREFILTER       IPv4       6            23             7896         805033        115625          2.7m  3.90  
PROF_DETECT_PREFILTER       IPv4      17            62            23820        8423500        168520         10.4m  15.33 
PROF_DETECT_PF_PAYLOAD      IPv4       1             8             8188          18148         10403         83.2k  0.12  
PROF_DETECT_PF_PAYLOAD      IPv4       6            10            47836         298578        123804          1.2m  1.82  
PROF_DETECT_PF_PAYLOAD      IPv4      17            62             8246        8403286        149586          9.3m  13.60 
PROF_DETECT_PF_TX           IPv4       6            11             2770         469091         96240          1.1m  1.55  
PROF_DETECT_PF_TX           IPv4      17             1            19642          19642         19642         19.6k  0.03  
PROF_DETECT_PF_SORT1        IPv4       1             8             2536           3317          2763         22.1k  0.03  
PROF_DETECT_PF_SORT1        IPv4       6            10             2734          15634          5716         57.2k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17            62             2626           8262          3379        209.5k  0.31  
PROF_DETECT_PF_SORT2        IPv4       1             8             2545           3527          2751         22.0k  0.03  
PROF_DETECT_PF_SORT2        IPv4       6            23             2556           9076          3303         76.0k  0.11  
PROF_DETECT_PF_SORT2        IPv4      17            62             2555           4765          2793        173.2k  0.25  
PROF_DETECT_NONMPMLIST      IPv4       1             8             2573         764863         98007        784.1k  1.15  
PROF_DETECT_NONMPMLIST      IPv4       6            23             2544           3520          2933         67.5k  0.10  
PROF_DETECT_NONMPMLIST      IPv4      17            62             2533           3722          2809        174.2k  0.26  
PROF_DETECT_ALERT           IPv4       1             8             2536           3426          2680         21.4k  0.03  
PROF_DETECT_ALERT           IPv4       6            23             2532           3534          2680         61.7k  0.09  
PROF_DETECT_ALERT           IPv4      17            62             2534          14470          2831        175.5k  0.26  
PROF_DETECT_CLEANUP         IPv4       1             8             2532           3344          2668         21.4k  0.03  
PROF_DETECT_CLEANUP         IPv4       6            23             2627          10462          3243         74.6k  0.11  
PROF_DETECT_CLEANUP         IPv4      17            62             2531           5448          2720        168.7k  0.25  
PROF_DETECT_GETSGH          IPv4       1             8             2745           3234          2876         23.0k  0.03  
PROF_DETECT_GETSGH          IPv4       6            23             2545          18443          4446        102.3k  0.15  
PROF_DETECT_GETSGH          IPv4      17            62             2523          53905          4685        290.5k  0.43  
PROF_DETECT_IPONLY          IPv6      17            13             2899          14776          4802         62.4k  0.09  
PROF_DETECT_IPONLY          IPv6      58             1             7263           7263          7263          7.3k  0.01  
PROF_DETECT_RULES           IPv6      17            36            33868         885041         91209          3.3m  4.82  
PROF_DETECT_RULES           IPv6      58             9             2759           3150          2852         25.7k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv6    

This file has been truncated.
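The profiling tables in packet_stats.log are easier to act on once parsed. The script below is an added example, not part of this report page or of Suricata: it parses the "Packet profile dump" and "Flow Worker" tables (the sample rows embedded inline are copied from the tables above), converts the k/m/b-scaled totals back to tick counts, checks that avg × cnt reproduces each printed total within its rounding resolution, and ranks the flow-worker modules by time spent. The min/max/avg/tot columns are Suricata's packet-profiling tick counts; the regex and the helper names (parse_profile, hot_spots, packet_breakdown, consistency_errors, PROTO_NAMES) are this example's own, not Suricata's.

```python
"""Parse Suricata packet-profiling tables (packet_stats.log) and rank where
the engine spent its time.  Added example, not part of the report page.
Totals such as '287.1m' are k/m/b-scaled tick counts; regex and helper names
are this example's own, not Suricata's."""
import re
from collections import defaultdict

# Sample rows copied from the 'Packet profile dump' and 'Flow Worker' tables
# of the report above (constructed excerpt; the real file has more tables).
SAMPLE = """\
Packet profile dump:
IP ver   Proto   cnt            min            max            avg            tot           %%
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             8         34183908       37353619      35885894        287.1m    6.97
 IPv4       6            23          4574374       53572700      39571003        910.1m   22.10
 IPv4      17            62          3705393       52851333      20765520          1.3b   31.26
 IPv6      17            36          5398765       50993950      34734087          1.3b   30.36
 IPv6      58             9         39431270       46451026      42545956        382.9m    9.30
Note: Protocol 256 tracks pseudo/tunnel packets.

Flow Worker            IP ver   Proto   cnt            min            max            avg
flow                    IPv4       6            21             2879           4139          3271         68.7k  0.12
stream                  IPv4       6            23             3038         353946         38479        885.0k  1.53
detect                  IPv4       1             8            97279         937875        315836          2.5m  4.38
detect                  IPv4       6            23            57642        5018264        554914         12.8m  22.12
detect                  IPv4      17            62           102194        8530349        343328         21.3m  36.88
detect                  IPv6      17            36            91905       10309664        468521         16.9m  29.23
Note: stream includes app-layer for TCP
"""

SUFFIX = {"": 1, "k": 1_000, "m": 1_000_000, "b": 1_000_000_000}
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 58: "icmpv6", 256: "pseudo/tunnel"}

# One data row: optional module name, IP version, IANA proto, cnt, min, max,
# avg, scaled total, optional percent.  Header, dash and 'Note:' lines fail.
ROW = re.compile(
    r"^\s*(?P<name>[A-Za-z][^\n]*?)?\s*(?P<ipver>IPv[46])\s+(?P<proto>\d+)\s+"
    r"(?P<cnt>\d+)\s+(?P<min>\d+)\s+(?P<max>\d+)\s+(?P<avg>\d+)\s+"
    r"(?P<tot>\d+(?:\.\d+)?)(?P<suf>[kmb]?)\s*(?P<pct>\d+\.\d+)?\s*$"
)

def to_ticks(num, suf):
    """'287.1','m' -> (287100000, 100000): the tick count and the resolution
    of its last printed digit, used as the tolerance for consistency checks."""
    mult = SUFFIX[suf]
    decimals = len(num.partition(".")[2])
    return int(round(float(num) * mult)), max(1, mult // 10 ** decimals)

def parse_profile(text):
    """Return one dict per data row, tagged with the table it came from."""
    rows, section = [], None
    for line in text.splitlines():
        head = line.strip()
        if head.endswith(":") and not head.startswith("Note"):
            section = head[:-1]                       # e.g. 'Packet profile dump'
            continue
        if "IP ver" in line and "Proto" in line:      # table header line
            section = line.split("IP ver")[0].strip() or section  # e.g. 'Flow Worker'
            continue
        m = ROW.match(line)
        if not m:
            continue
        ticks, res = to_ticks(m["tot"], m["suf"])
        rows.append({
            "section": section, "name": (m["name"] or "(packet)").strip(),
            "ipver": m["ipver"], "proto": int(m["proto"]), "cnt": int(m["cnt"]),
            "min": int(m["min"]), "max": int(m["max"]), "avg": int(m["avg"]),
            "tot": ticks, "res": res, "pct": float(m["pct"]) if m["pct"] else None,
        })
    return rows

def totals_by_name(rows, section):
    """Sum ticks and the percent column per module within one table."""
    ticks, pct = defaultdict(int), defaultdict(float)
    for r in rows:
        if r["section"] == section:
            ticks[r["name"]] += r["tot"]
            pct[r["name"]] += r["pct"] or 0.0
    return {n: (ticks[n], round(pct[n], 2)) for n in ticks}

def hot_spots(rows, section, top=3):
    """Modules of one table ordered by total ticks, busiest first."""
    by_name = totals_by_name(rows, section)
    return sorted(by_name.items(), key=lambda kv: kv[1][0], reverse=True)[:top]

def packet_breakdown(rows):
    """(ipver, protocol, packets, percent) per row of the packet profile dump."""
    return [(r["ipver"], PROTO_NAMES.get(r["proto"], str(r["proto"])), r["cnt"], r["pct"])
            for r in rows if r["section"] == "Packet profile dump"]

def consistency_errors(rows):
    """Rows whose avg*cnt does not reproduce the printed total.  Tolerance is
    half the last printed digit plus cnt ticks, since avg is an integer floor."""
    return [(r["section"], r["name"], r["ipver"], r["proto"]) for r in rows
            if abs(r["avg"] * r["cnt"] - r["tot"]) > r["res"] // 2 + r["cnt"]]

if __name__ == "__main__":
    parsed = parse_profile(SAMPLE)
    for ipver, proto, cnt, pct in packet_breakdown(parsed):
        print(f"{ipver:5} {proto:8} {cnt:4d} packets {pct:6.2f}%")
    for name, (ticks, pct) in hot_spots(parsed, "Flow Worker"):
        print(f"{name:10} {ticks:>12,d} ticks {pct:6.2f}%")
    print("inconsistent rows:", consistency_errors(parsed))
```

Run stand-alone it prints the per-protocol packet split and the three busiest flow-worker modules. In this capture "detect" accounts for over 92% of flow-worker time, and the IPv4 UDP and IPv6 UDP detect rows alone are above 66% (36.88 + 29.23), which matches the Prefilter table above, where the UDP payload prefilter takes 78.67% of prefilter time: 39,585 ET Pro rules against a capture that is mostly UDP. Feed the script the full packet_stats.log to get the same view across every table; the consistency check flags any row whose printed total no longer agrees with avg × cnt, which is the first thing to verify when a profiling dump has been truncated or re-pasted.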


suricata-report-2019-03-23-T-14-09-47-03232019.1409-28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap.txt - (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/e5d85cf4461f4616a82302f95392838056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03232019.1409-28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap -vvv -k none
elapsedtime:20.113322
stderr:
stdout:
23/3/2019 -- 14:09:27 - <Info> - Configuration node 'rule-files' redefined.
23/3/2019 -- 14:09:27 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/3/2019 -- 14:09:27 - <Info> - CPUs/cores online: 1
23/3/2019 -- 14:09:27 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34045 and 'request-body-inspect-window' set to 15727 after randomization.
23/3/2019 -- 14:09:27 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31438 and 'response-body-inspect-window' set to 16538 after randomization.
23/3/2019 -- 14:09:27 - <Config> - DNS request flood protection level: 500
23/3/2019 -- 14:09:27 - <Config> - DNS per flow memcap (state-memcap): 524288
23/3/2019 -- 14:09:27 - <Config> - DNS global memcap: 16777216
23/3/2019 -- 14:09:27 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/3/2019 -- 14:09:27 - <Config> - preallocated 1000 hosts of size 136
23/3/2019 -- 14:09:27 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/3/2019 -- 14:09:27 - <Config> - using magic-file /usr/share/file/magic
23/3/2019 -- 14:09:27 - <Config> - Core dump size is unlimited.
23/3/2019 -- 14:09:27 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/3/2019 -- 14:09:27 - <Config> - preallocated 1000 defrag trackers of size 168
23/3/2019 -- 14:09:27 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/3/2019 -- 14:09:27 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/3/2019 -- 14:09:27 - <Config> - stream "memcap": 33554432
23/3/2019 -- 14:09:27 - <Config> - stream "midstream" session pickups: disabled
23/3/2019 -- 14:09:27 - <Config> - stream "async-oneside": disabled
23/3/2019 -- 14:09:27 - <Config> - stream "checksum-validation": disabled
23/3/2019 -- 14:09:27 - <Config> - stream."inline": disabled
23/3/2019 -- 14:09:27 - <Config> - stream "bypass": disabled
23/3/2019 -- 14:09:27 - <Config> - stream "max-synack-queued": 5
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly "memcap": 134217728
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly "depth": 0
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly "toserver-chunk-size": 2447
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly "toclient-chunk-size": 2622
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly.raw: enabled
23/3/2019 -- 14:09:27 - <Config> - stream.reassembly "segment-prealloc": 2048
23/3/2019 -- 14:09:27 - <Config> - Delayed detect disabled
23/3/2019 -- 14:09:27 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/3/2019 -- 14:09:27 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/3/2019 -- 14:09:27 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/3/2019 -- 14:09:27 - <Config> - prefilter engines: MPM
23/3/2019 -- 14:09:27 - <Config> - IP reputation disabled
23/3/2019 -- 14:09:27 - <Perf> - Registered 148 keyword profiling counters.
23/3/2019 -- 14:09:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/3/2019 -- 14:09:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/3/2019 -- 14:09:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/3/2019 -- 14:09:32 - <Config> - No rules loaded from ET-icmp.rules.
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/3/2019 -- 14:09:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/3/2019 -- 14:09:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/3/2019 -- 14:09:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/3/2019 -- 14:09:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/3/2019 -- 14:09:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/3/2019 -- 14:09:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/3/2019 -- 14:09:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/3/2019 -- 14:09:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/3/2019 -- 14:09:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/3/2019 -- 14:09:39 - <Config> - No rules loaded from local.rules.
23/3/2019 -- 14:09:39 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/3/2019 -- 14:09:39 - <Info> - Threshold config parsed: 0 rule(s) found
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tcp-packet
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tcp-stream
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for udp-packet
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for other-ip
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_uri
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_request_line
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_client_body
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_response_line
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_header
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_header
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_header_names
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_header_names
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_accept
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_accept_enc
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_accept_lang
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_referer
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_connection
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_content_len
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_content_len
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_content_type
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_content_type
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_protocol
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_protocol
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_start
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_start
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_raw_header
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_raw_header
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_method
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_cookie
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_cookie
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_raw_uri
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_user_agent
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_host
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_raw_host
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_stat_msg
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_stat_code
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for dns_query
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tls_sni
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for dce_stub_data
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for dce_stub_data
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for ssh_protocol
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for ssh_protocol
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for ssh_software
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for ssh_software
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for file_data
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for file_data
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_request_line
23/3/2019 -- 14:09:39 - <Perf> - using shared mpm ctx' for http_response_line
23/3/2019 -- 14:09:40 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/3/2019 -- 14:09:40 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/3/2019 -- 14:09:40 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/3/2019 -- 14:09:40 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/3/2019 -- 14:09:40 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/3/2019 -- 14:09:40 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/3/2019 -- 14:09:40 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/3/2019 -- 14:09:40 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/3/2019 -- 14:09:44 - <Perf> - Unique rule groups: 104
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/3/2019 -- 14:09:44 - <Perf> - Builtin MPM "other IP packet": 3
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_header": 10
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_header": 6
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_start": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_method": 5
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver http_host": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toserver file_data": 1
23/3/2019 -- 14:09:44 - <Perf> - AppLayer MPM "toclient file_data": 7
23/3/2019 -- 14:09:46 - <Perf> - Registered 39590 rule profiling counters.
23/3/2019 -- 14:09:46 - <Info> - fast output device (regular) initialized: alert
23/3/2019 -- 14:09:46 - <Info> - eve-log output device (regular) initialized: eve.json
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'alert'
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'http'
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'dns'
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'tls'
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'files'
23/3/2019 -- 14:09:46 - <Config> - enabling 'eve-log' module 'ssh'
23/3/2019 -- 14:09:46 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/3/2019 -- 14:09:46 - <Info> - stats output device (regular) initialized: stats.log
23/3/2019 -- 14:09:46 - <Config> - AutoFP mode using "Hash" flow load balancer
23/3/2019 -- 14:09:46 - <Info> - reading pcap file /var/pcap/03232019.1409-28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap
23/3/2019 -- 14:09:46 - <Config> - us

This file has been truncated.


stats.log - (2985 bytes)
------------------------------------------------------------------------------------
Date: 3/23/2019 -- 14:09:47 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 216
decoder.bytes                              | Total                     | 21387
decoder.ipv4                               | Total                     | 91
decoder.ipv6                               | Total                     | 45
decoder.ethernet                           | Total                     | 216
decoder.tcp                                | Total                     | 21
decoder.udp                                | Total                     | 98
decoder.icmpv4                             | Total                     | 8
decoder.icmpv6                             | Total                     | 9
decoder.avg_pkt_size                       | Total                     | 99
decoder.max_pkt_size                       | Total                     | 1294
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 21
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 2
tcp.synack                                 | Total                     | 2
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 10
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 20
flow.spare                                 | Total                     | 9993
flow_mgr.flows_checked                     | Total                     | 12
flow_mgr.flows_notimeout                   | Total                     | 12
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65524
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077760


eve.json - (2233 bytes)
{"timestamp":"2018-07-04T13:14:20.294920+0000","flow_id":497820132737032,"pcap_cnt":192,"event_type":"dns","src_ip":"192.168.100.37","src_port":61597,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28088,"rrname":"telo-spread.ddns.net","rrtype":"A","tx_id":0}}
{"timestamp":"2018-07-04T13:14:20.314462+0000","flow_id":497820132737032,"pcap_cnt":193,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.37","dest_port":61597,"proto":"UDP","dns":{"type":"answer","id":28088,"rcode":"NOERROR","rrname":"telo-spread.ddns.net","rrtype":"A","ttl":59,"rdata":"185.248.100.142"}}
{"timestamp":"2018-07-04T13:14:20.723666+0000","flow_id":920333245537723,"pcap_cnt":203,"event_type":"fileinfo","src_ip":"192.168.100.37","src_port":49972,"dest_ip":"185.248.100.142","dest_port":80,"proto":"TCP","http":{"hostname":"telo-spread.ddns.net","url":"\/get.php","http_user_agent":"Wget\/1.11.4","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/get.php","gaps":false,"state":"CLOSED","stored":false,"size":1891,"tx_id":0}}
{"timestamp":"2018-07-04T13:14:20.724237+0000","flow_id":920333245537723,"pcap_cnt":204,"event_type":"http","src_ip":"192.168.100.37","src_port":49972,"dest_ip":"185.248.100.142","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"telo-spread.ddns.net","url":"\/get.php","http_user_agent":"Wget\/1.11.4","http_content_type":"text\/html"}}
{"timestamp":"2018-07-04T13:14:21.653696+0000","flow_id":1677875282185610,"event_type":"http","src_ip":"192.168.100.37","src_port":49978,"dest_ip":"185.248.100.142","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"telo-spread.ddns.net","url":"\/get.php","http_user_agent":"Wget\/1.11.4"}}
{"timestamp":"2018-07-04T13:14:21.653696+0000","flow_id":1677875282185610,"event_type":"fileinfo","src_ip":"192.168.100.37","src_port":49978,"dest_ip":"185.248.100.142","dest_port":80,"proto":"TCP","http":{"hostname":"telo-spread.ddns.net","url":"\/get.php","http_user_agent":"Wget\/1.11.4","http_method":"POST","protocol":"HTTP\/1.0","length":0},"app_proto":"http","fileinfo":{"filename":"\/get.php","gaps":false,"state":"CLOSED","stored":false,"size":1891,"tx_id":0}}


keyword_perf.log - (11132 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/23/2019 -- 14:09:47
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             596753          178             178             11771           3352.00         3352.00         0.00           
  content          2128560         494             270             43320           4308.00         4334.00         4278.00        
  pcre             375780          40              16              45343           9394.00         7383.00         10735.00       
  byte_test        548861          51              40              381450          10761.00        12460.00        4585.00        
  byte_jump        69963           12              12              31289           5830.00         5830.00         0.00           
  isdataat         3008            1               0               3008            3008.00         0.00            3008.00        
  flowbits         54226           8               4               17301           6778.00         7007.00         6549.00        
  urilen           58791           18              4               4553            3266.00         2983.00         3346.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             596753          178             178             11771           3352.00         3352.00         0.00           
  flowbits         26196           4               0               16343           6549.00         0.00            6549.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          671086          169             82              21355           3970.00         3887.00         4049.00        
  pcre             82888           9               0               45343           9209.00         0.00            9209.00        
  byte_test        548861          51              40              381450          10761.00        12460.00        4585.00        
  byte_jump        69963           12              12              31289           5830.00         5830.00         0.00           
  isdataat         3008            1               0               3008            3008.00         0.00            3008.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         28030           4               4               17301           7007.00         7007.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          242665          64              44              12897           3791.00         3870.00         3617.00        
  pcre             158560          20              14              19995           7928.00         7414.00         9126.00        
  urilen           58791           18              4               4553            3266.00         2983.00         3346.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          409063          70              18              39930           5843.00         6452.00         5633.00        
  pcre             33937           2               0               22022           16968.00        0.00            16968.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          532648          125             82              32532           4261.00         4537.00         3734.00        
  pcre             100395          9               2               39787           11155.00        7166.00         12294.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          45951           12              2               4426            3829.00         3430.00         3909.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14836           4               4               3969            3709.00         3709.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7042            2               2               3533            3521.00         3521.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          171750          38              32              43320           4519.00         4702.00         3546.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26890           8               4               3728            3361.00         3442.00         3280.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6629            2               0               3581            3314.00         0.00            3314.00        


suricata-4.0.0-etpro-all-perf.txt-2019-03-23-T-14-09-47-03232019.1409-28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap.txt - (25046 bytes)
  --------------------------------------------------------------------------
  Date: 3/23/2019 -- 14:09:47. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010143      1        3        702525       5.78   97       0        443969      7242.53     0.00        7242.53    
  2        2805348      1        4        1040749      8.56   12       0        432699      86729.08    0.00        86729.08   
  3        2023553      1        7        168049       1.38   2        0        114083      84024.50    0.00        84024.50   
  4        2019002      1        1        213639       1.76   2        0        108869      106819.50   0.00        106819.50  
  5        2017261      1        3        131206       1.08   2        0        84032       65603.00    0.00        65603.00   
  6        2810991      1        4        126357       1.04   2        0        69347       63178.50    0.00        63178.50   
  7        2024142      1        2        64525        0.53   1        0        64525       64525.00    0.00        64525.00   
  8        2814883      1        3        121068       1.00   2        0        63531       60534.00    0.00        60534.00   
  9        2821884      1        3        93335        0.77   2        0        57603       46667.50    0.00        46667.50   
  10       2809363      1        3        107165       0.88   2        0        53872       53582.50    0.00        53582.50   
  11       2024848      1        2        106763       0.88   2        0        53848       53381.50    0.00        53381.50   
  12       2009702      1        5        57757        0.47   2        0        53717       28878.50    0.00        28878.50   
  13       2021418      1        9        92174        0.76   2        0        52816       46087.00    0.00        46087.00   
  14       2019094      1        5        100088       0.82   2        0        52814       50044.00    0.00        50044.00   
  15       2024025      1        2        101617       0.84   2        0        51512       50808.50    0.00        50808.50   
  16       2017259      1        12       99382        0.82   2        0        51381       49691.00    0.00        49691.00   
  17       2824720      1        2        86383        0.71   2        2        50033       43191.50    43191.50    0.00       
  18       2024240      1        2        80509        0.66   2        0        48582       40254.50    0.00        40254.50   
  19       2825235      1        2        90258        0.74   2        0        48392       45129.00    0.00        45129.00   
  20       2824398      1        2        69918        0.57   2        0        47654       34959.00    0.00        34959.00   
  21       2821471      1        2        86705        0.71   2        0        47499       43352.50    0.00        43352.50   
  22       2807970      1        8        87033        0.72   2        0        47484       43516.50    0.00        43516.50   
  23       2819993      1        2        91204        0.75   2        0        46417       45602.00    0.00        45602.00   
  24       2022901      1        2        88345        0.73   2        0        46265       44172.50    0.00        44172.50   
  25       2023334      1        2        77586        0.64   2        0        44475       38793.00    0.00        38793.00   
  26       2827279      1        5        71194        0.59   2        0        43424       35597.00    0.00        35597.00   
  27       2829848      1        2        43411        0.36   1        0        43411       43411.00    0.00        43411.00   
  28       2828803      1        2        77914        0.64   2        0        42859       38957.00    0.00        38957.00   
  29       2013186      1        19       70896        0.58   2        0        42682       35448.00    0.00        35448.00   
  30       2816055      1        2        69640        0.57   2        0        41748       34820.00    0.00        34820.00   
  31       2807548      1        3        81581        0.67   2        0        41518       40790.50    0.00        40790.50   
  32       2021413      1        2        75239        0.62   2        0        41144       37619.50    0.00        37619.50   
  33       2015877      1        6        73205        0.60   2        0        40683       36602.50    0.00        36602.50   
  34       2014703      1        9        43437        0.36   2        0        40231       21718.50    0.00        21718.50   
  35       2021038      1        4        68011        0.56   2        0        39907       34005.50    0.00        34005.50   
  36       2809511      1        4        74453        0.61   2        0        39472       37226.50    0.00        37226.50   
  37       2828008      1        2        67505        0.56   2        0        39065       33752.50    0.00        33752.50   
  38       2807793      1        4        70939        0.58   2        0        37271       35469.50    0.00        35469.50   
  39       2010140      1        7        408064       3.36   97       0        37173       4206.85     0.00        4206.85    
  40       2020181      1        8        72082        0.59   2        0        36867       36041.00    0.00        36041.00   
  41       2812433      1        2        71609        0.59   2        0        36681       35804.50    0.00        35804.50   
  42       2814336      1        2        71406        0.59   2        0        36379       35703.00    0.00        35703.00   
  43       2828060      1        4        36134        0.30   1        0        36134       36134.00    0.00        36134.00   
  44       2014133      1        4        57664        0.47   2        0        35589       28832.00    0.00        28832.00   
  45       2024133      1        2        35492        0.29   1        0        35492       35492.00    0.00        35492.00   
  46       2816764      1        3        108994       0.90   8        0        35379       13624.25    0.00        13624.25   
  47       2017948      1        2        68986        0.57   2        0        34845       34493.00    0.00        34493.00   
  48       2016759      1        1        67703        0.56   2        0        34624       33851.50    0.00        33851.50   
  49       2024137      1        2        34431        0.28   1        0        34431       34431.00    0.00        34431.00   
  50       2821569      1        7        67691        0.56   2        0        34357       33845.50    0.00        33845.50   
  51       2024140      1        2        34227        0.28   1        0        34227       34227.00    0.00        34227.00   
  52       2816356      1        2        67078        0.55   2        0        34204       33539.00    0.00        33539.00   
  53       2812986      1        2        66695        0.55   2        0        34104       33347.50    0.00        33347.50   
  54       2024135      1        2        33988        0.28   1        0        33988       33988.00    0.00        33988.00   
  55       2024134      1        2        33819        0.28   1        0        33819       33819.00    0.00        33819.00   
  56       2014380      1        4        84504        0.69   4        0        33725       21126.00    0.00        21126.00   
  57       2024136      1        2        33670        0.28   1        0        33670       33670.00    0.00        33670.00   
  58       2024138      1        2        33551        0.28   1        0        33551       33551.00    0.00        33551.00   
  59       2804785      1        2        57248        0.47   2        0        33405       28624.00    0.00        28624.00   
  60       2808848      1        3        60634        0.50   2        0        33317       30317.00    0.00        30317.00   
  61       2024141      1        2        33270        0.27   1        0        33270       33270.00    0.00        33270.00   
  62       2024139      1        2        32333        0.27   1        0        32333       32333.00    0.00        32333.00   
  63       2023627      1        3        178839       1.47   56       0        31393       3193.55     0.00        3193.55    
  64       2809601      1        3        61046        0.50   2        0        31288       30523.00    0.00        30523.00   
  65       2828986      1        2        30435        0.25   1        0        30435       30435.00    0.00        30435.00   
  66       2015968      1        8        58835        0.48   2        0        30096       29417.50    0.00        29417.50   
  67       2830613      1        2        58902        0.48   2        0        30030       29451.00    0.00        29451.00   
  68       2823858      1        3        58178        0.48   2        0        29867       29089.00    0.00        29089.00   
  69       2821615      1        2        59034        0.49   2        0        29574       29517.00    0.00        29517.00   
  70       2806132      1        3        56573        0.47   2        0        29378       28286.50    0.00        28286.50   
  71       2815660      1        4        29305        0.24   1        0        29305       29305.00    0.00        29305.00   
  72       2024771      1        1        29133        0.24   1        0        29133       29133.00    0.00        29133.00   
  73       2815568      1        2        55689        0.46   2        0        28625       27844.50    0.00        27844.50   
  74       2827580      1        7        54936        0.45   2        0        28341       27468.00    0.00        27468.00   
  75       2022914      1        1        44377        0.36   3        0        28209       14792.33    0.00        14792.33   
  76       2806873      1        4        54621        0.45   2        0        27851       27310.50    0.00        27310.50   
  77       2820972      1        2        53721        0.44   2        2        27387       26860.50    26860.50    0.00       
  78       2023217      1        1        52564        0.43   2        0        26601       26282.00    0.00        26282.00   
  79       2807926      1        3        60659        0.50   4        0        26302       15164.75    0.00        15164.75   
  80       2810793      1        5        30977        0.25   2        0        25400       15488.50    0.00        15488.50   
  81       2102123      1        7        49279        0.41   2        0        25080       24639.50    0.00        24639.50   
  82       2803902      1        3        49128        0.40   2        0        24995       24564.00    0.00        24564.00   
  83       2823784      1        2        84222        0.69   6        0        23991       14037.00    0.00        14037.00   
  84       2807925      1        1        62255        0.51   4        0        23968       15563.75    0.00        15563.75   
  85       2811711      1        2        44867        0.37   2        0        23455       22433.50    0.00        22433.50   
  86       2016706      1        20       45810        0.38   2        0        23048       22905.00    0.00        22905.00   
  87       2801224      1        6        44599        0.37   2        0        22896       22299.50    0.00        22299.50   
  88       2816165      1        5        44855        0.37   2        0        22829       22427.50    0.00        22427.50   
  89       2822601      1        4        44897        0.37   2        0        22775       22448.50    0.00        22448.50   
  90       2024573      1        2        43683        0.36   2        0        22523       21841.50    0.00        21841.50   
  91       2826512      1        2        43950        0.36   2        0        22507       21975.00    0.00        21975.00   
  92       2024024      1        2        43665        0.36   2        0        22469       21832.50    0.00        21832.50   
  93       2827750      1        2        43830        0.36   2        0        22300       21915.00    0.00        21915.00   
  94       2830574      1        1        43849        0.36   2        0        22051       21924.50    0.00        21924.50   
  95       2014701      1        12       24801        0.20   2        0        21960       12400.50    0.00        12400.50   
  96       2828198      1        2        42896        0.35   2        0        21953       21448.00    0.00        21448.00   
  97       2828212      1        2        42455        0.35   2        0        21797       21227.50    0.00        21227.50   
  98       2823488      1        2        42106        0.35   2        0        21752       21053.00    0.00        21053.00   
  99       2819785      1        2        42560        0.35   2        0        21671       21280.00    0.00        21280.00   
  100      2825092      1        2        42618        0.35   2        0        21517       21309.00    0.00        21309.00   
  101      2022502      1        4        41931        0.34   2        0        21455       20965.50    0.00        20965.50   
  102      2826256      1        2        42616        0.35   2        0        21351       21308.00    0.00        21308.00   
  103      2025180      1        1        41820        0.34   2        0        21344       20910.00    0.00        20910.00   
  104      2820696      1        2        42354        0.35   2        0        21206       21177.00    0.00        21177.00   
  105      2819823      1        5        41560        0.34   2        0        21145       20780.00    0.00        20780.00   
  106      2816899      1        2        41055        0.34   2        0        21140       20527.50    0.00        20527.50   
  107      2806959      1        2        41429        0.34   2        0        21098       20714.50    0.00        20714.50   
  108      2017552      1        6        54924        0.45   3        0        20810       18308.00    0.00        18308.00   
  109      2806921      1        3        41411        0.34   2        0        20745       20705.50    0.00        20705.50   
  110      2016809      1        5        40900        0.34   2        0        20686       20450.00    0.00        20450.00   
  111      2014967      1        3        40254        0.33   2        0        20580       20127.00    0.00        20127.00   
  112      2024606      1        2        39982        0.33   2        0        20459       19991.00    0.00        19991.00   
  113      2023626      1        3        152003       1.25   53       0        18314       2867.98     0.00        2867.98    
  114      2803760      1        3        18032        0.15   1        0        18032       18032.00    0.00        18032.00   
  115      2828877      1        1        17248        0.14   1        0        17248       17248.00    0.00        17248.00   
  116      2024513      1        5        17054        0.14   1        0        17054       17054.00    0.00        17054.00   
  117      2022543      1        1        16429        0.14   1        0        16429       16429.00    0.00        16429.00   
  118      2826281      1        2        16262        0.13   1        0        16262       16262.00    0.00        16262.00   
  119      2819882      1        2        15569        0.13   1        0        15569       15569.00    0.00        15569.00   
  120      2824484      1        1        66568        0.55   6        0        15472       11094.67    0.00        11094.67   
  121      2811542      1        1        19523        0.16   2        0        15119       9761.50     0.00        9761.50    
  122      2023623      1        3        117234       0.96   41       0        15012       2859.37     0.00        2859.37    
  123      2807559      1        2        48026        0.39   4        0        14912       12006.50    0.00        12006.50   
  124      2807573      1        3        47732        0.39   4        0        14781       11933.00    0.00        11933.00   
  125      2014702      1        9        1

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-03-23 14:09:26,409 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-23 14:09:27,174 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-23 14:09:27,174 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-23 14:09:27,175 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-23 14:09:27,175 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-23 14:09:27,175 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/e5d85cf4461f4616a82302f95392838056b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03232019.1409-28fcf235-c43d-4cf9-b379-a76b1b35fa51.pcap -vvv -k none
2019-03-23 14:09:47,291 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-23 14:09:47,291 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 20.8899650574