Filename: b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.2614860535 seconds
Hash: ed4667633a34e265d1e9de066df7eb1a
Uploaded: 1555409413

Logfiles


unified2.alert.1555409435 - (23748 bytes)
(binary unified2 alert record; the page renders it as unreadable text and truncates it. The only readable strings it carries come from the Office document in the captured payload: theme XML parts, the macro project name Project.ow4UCA.autoopen, Normal.dotm, and VBA module attributes VB_Name = "MG1@AX1" and VB_Name = "axo@ZwZ".)


suricata-4.0.0-etpro-all-alert-2019-04-16-T-10-10-37-04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap.txt - (1525 bytes)
04/16/2019-08:14:20.920800  [**] [1:2019613:3] ET POLICY Office Document Download Containing AutoOpen Macro [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.185.36.121:80 -> 192.168.100.70:49213
04/16/2019-08:14:20.928763  [**] [1:2019837:3] ET WEB_CLIENT SUSPICIOUS Possible Office Doc with Embedded VBA Project (Wide) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.185.36.121:80 -> 192.168.100.70:49213
04/16/2019-08:14:35.080175  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 119.28.135.130:80 -> 192.168.100.70:49465
04/16/2019-08:14:35.080175  [**] [1:2016538:3] ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 119.28.135.130:80 -> 192.168.100.70:49465
04/16/2019-08:14:35.080175  [**] [1:2021076:2] ET INFO SUSPICIOUS Dotted Quad Host MZ Response [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 119.28.135.130:80 -> 192.168.100.70:49465
04/16/2019-08:14:35.080175  [**] [1:2014520:6] ET INFO EXE - Served Attached HTTP [**] [Classification: Misc activity] [Priority: 3] {TCP} 119.28.135.130:80 -> 192.168.100.70:49465
04/16/2019-08:14:36.517576  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 119.28.135.130:80 -> 192.168.100.70:49465


packet_stats.log - (15563 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          7223          6032899      843478291     619991398       4478.2b   98.99
 IPv4      17           132          4994054      835706752     324431969         42.8b    0.95
 IPv6      17            14          5542819      842797742     207000292          2.9b    0.06
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          7223            67793       12594049        129694        936.8m   87.22
TMM_FLOWWORKER              IPv4      17           132           119673       11879076        581397         76.7m    7.15
TMM_RECEIVEPCAPFILE         IPv4       6          7194             2536        4350562          3999         28.8m    2.68
TMM_RECEIVEPCAPFILE         IPv4      17           132             2547          21999          3005        396.7k    0.04
TMM_DECODEPCAPFILE          IPv4       6          7194             2643        7473320          3938         28.3m    2.64
TMM_DECODEPCAPFILE          IPv4      17           132             2664          37116          3540        467.3k    0.04
TMM_FLOWWORKER              IPv6      17            14           108684         266639        178090          2.5m    0.23
TMM_RECEIVEPCAPFILE         IPv6      17            14             2586           3523          2842         39.8k    0.00
TMM_DECODEPCAPFILE          IPv6      17            14             2715          17853          4645         65.0k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          7194             2798          70501          3392         24.4m  2.74  
flow                    IPv4      17           132             2818          38385          5579        736.5k  0.08  
stream                  IPv4       6          7223             2613        3543633          7525         54.4m  6.11  
app-layer               IPv4      17           132             2527          53230         11172          1.5m  0.17  
detect                  IPv4       6          7223            45285       12554049        100244        724.1m  81.34 
detect                  IPv4      17           132           103314       11731072        464071         61.3m  6.88  
tcp-prune               IPv4       6          7223             2531          58714          2984         21.6m  2.42  
flow                    IPv6      17            14             3050          19914          6170         86.4k  0.01  
app-layer               IPv6      17            14             2548          15809          6597         92.4k  0.01  
detect                  IPv6      17            14            91739         244787        153733          2.2m  0.24  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            13             2936          55024         14291        185.8k  27.03 
tls                     IPv4       6            16             2637           6150          3144         50.3k  7.32  
dns                     IPv4      17            72             3199          23797          6269        451.4k  65.66 
Proto detect            IPv4       6             2             7948           8045          7996         16.0k
Proto detect            IPv4      17            76             2783          32598          6318        480.2k
Proto detect            IPv6      17             6             3356           9003          5483         32.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             4            89471         141238        112662        450.7k  2.68  
LOGGER_UNIFIED2             IPv4       6             4            48843         119531         85835        343.3k  2.04  
LOGGER_JSON_ALERT           IPv4       6             4            89980         163740        132498        530.0k  3.15  
LOGGER_JSON_DNS             IPv4      17            72            26282        5626299        156809         11.3m  67.13 
LOGGER_JSON_HTTP            IPv4       6             8            91069        1500375        305049          2.4m  14.51 
LOGGER_JSON_TLS             IPv4       6             8            44800          94712         59873        479.0k  2.85  
LOGGER_JSON_FILE            IPv4       6            11            57725         285699        116854          1.3m  7.64  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           484             2601         175917         29924        14.5m  11.77 
payload                           IPv4      17           132             3247          98686         24735         3.3m  2.65  
stream                            IPv4       6           484             2536         840945         52434        25.4m  20.62 
http_uri                          IPv4       6             8             4964          23739         14104       112.8k  0.09  
http_request_line                 IPv4       6             8             6822           8379          7637        61.1k  0.05  
http_client_body                  IPv4       6             8             3221         140687         27058       216.5k  0.18  
http_header (request)             IPv4       6             8            30149         170436        129967         1.0m  0.84  
http_header (request trailer)     IPv4       6             8             2604           3133          2687        21.5k  0.02  
http_header_names (request)       IPv4       6             8            13411          29312         24551       196.4k  0.16  
http_accept (request)             IPv4       6             8             3601           8578          6714        53.7k  0.04  
http_referer (request)            IPv4       6             8             3433           7871          4336        34.7k  0.03  
http_content_len (request)        IPv4       6             8             3760           7009          4998        40.0k  0.03  
http_content_type (request)       IPv4       6             8             3523          12110          5967        47.7k  0.04  
http_protocol (request)           IPv4       6             8             5334           8375          6228        49.8k  0.04  
http_start (request)              IPv4       6             8            11455          20631         17109       136.9k  0.11  
http_raw_header (request)         IPv4       6             8             9707          20707         17656       141.3k  0.11  
http_method                       IPv4       6             8             6902           9841          7873        63.0k  0.05  
http_cookie (request)             IPv4       6             8             2972           4511          4029        32.2k  0.03  
http_raw_uri                      IPv4       6             8             3373           7168          5674        45.4k  0.04  
http_user_agent                   IPv4       6             8             3354          61049         30945       247.6k  0.20  
http_host                         IPv4       6             8             5393          11917          9186        73.5k  0.06  
dns_query                         IPv4      17            36             3295          45537         10363       373.1k  0.30  
tls_sni                           IPv4       6            12             3403          12280          8311        99.7k  0.08  
http_response_line                IPv4       6             7             5633          12395          9255        64.8k  0.05  
http_header (response)            IPv4       6             7            22543          64982         48539       339.8k  0.28  
http_header (response trailer)    IPv4       6             7             2601          75448         21085       147.6k  0.12  
http_content_type (response)      IPv4       6             7             3956           9928          8132        56.9k  0.05  
http_raw_header (response)        IPv4       6           336             5624         177757          7305         2.5m  1.99  
http_cookie (response)            IPv4       6             7             3104           7771          4709        33.0k  0.03  
http_stat_code                    IPv4       6             7             3219          18117          6153        43.1k  0.03  
tls_cert_issuer                   IPv4       6             8             3284          10926          6915        55.3k  0.04  
tls_cert_subject                  IPv4       6             8             3920          18762         14778       118.2k  0.10  
tls_cert_serial                   IPv4       6             8             3629           6560          5343        42.8k  0.03  
file_data (http response)         IPv4       6           329             2578       11438544        222751        73.3m  59.53 
Total                             IPv4                  2023                                         60728       122.9m
payload                           IPv6      17            14             3525          49234         17775       248.9k  0.20  
Total                             IPv6                    14                                         17775       248.9k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            32             3629          78844         35732          1.1m  0.14  
PROF_DETECT_IPONLY          IPv4      17            80            37110          83481         47700          3.8m  0.47  
PROF_DETECT_RULES           IPv4       6          7223             2518        7586420         17918        129.4m  16.03 
PROF_DETECT_RULES           IPv4      17           132            44478        4114145        192699         25.4m  3.15  
PROF_DETECT_STATEFUL_START    IPv4       6           327             5108        7270343        117897         38.6m  4.77  
PROF_DETECT_STATEFUL_CONT    IPv4       6          7223             2512         108755          6366         46.0m  5.70  
PROF_DETECT_STATEFUL_CONT    IPv4      17           132             2508          67848          5983        789.9k  0.10  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          7156             2540        6034047          3731         26.7m  3.31  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            72             2584        6394323         91822          6.6m  0.82  
PROF_DETECT_PREFILTER       IPv4       6          7223             7764       11518924         33570        242.5m  30.03 
PROF_DETECT_PREFILTER       IPv4      17           132            23720         400962         58525          7.7m  0.96  
PROF_DETECT_PF_PAYLOAD      IPv4       6           484            13011         899015         90730         43.9m  5.44  
PROF_DETECT_PF_PAYLOAD      IPv4      17           132             8291         121163         30559          4.0m  0.50  
PROF_DETECT_PF_TX           IPv4       6          7156             2545       11457808         14593        104.4m  12.93 
PROF_DETECT_PF_TX           IPv4      17            36             8463          52630         16212        583.6k  0.07  
PROF_DETECT_PF_SORT1        IPv4       6           314             2531          15693          4040          1.3m  0.16  
PROF_DETECT_PF_SORT1        IPv4      17           132             2608         281525          6136        810.0k  0.10  
PROF_DETECT_PF_SORT2        IPv4       6          7223             2508         212501          2862         20.7m  2.56  
PROF_DETECT_PF_SORT2        IPv4      17           132             2538          27574          3483        459.8k  0.06  
PROF_DETECT_NONMPMLIST      IPv4       6          7223             2531          75587          3053         22.1m  2.73  
PROF_DETECT_NONMPMLIST      IPv4      17           132             2543          30991          3250        429.0k  0.05  
PROF_DETECT_ALERT           IPv4       6          7223             2512          71440          2906         21.0m  2.60  
PROF_DETECT_ALERT           IPv4      17           132             2520          20516          3122        412.1k  0.05  
PROF_DETECT_CLEANUP         IPv4       6          7223             2551          52192          2988         21.6m  2.67  
PROF_DETECT_CLEANUP         IPv4      17           132             2514           8002          3239        427.7k  0.05  
PROF_DETECT_GETSGH          IPv4       6          7223             2514         380975          3122         22.6m  2.79  
PROF_DETECT_GETSGH          IPv4      17           132             2533       11210031         89883         11.9m  1.47  
PROF_DETECT_IPONLY          IPv6      17             6             3684          11752          7121         42.7k  0.01  
PROF_DETECT_RULES           IPv6      17            14            33578         132602         66686        933.6k  0.12  
PROF_DETECT_STATEFUL_CONT    IPv6      17            14             2514           3284          2810         39.3k  0.00  
PROF_DETECT_PREFILTER       IPv6      17            14            24411          75746         41201        576.8k  0.07  
PROF_DETECT_PF_PAYLOAD      IPv6      17            14             8743          54586         23178        324.5k  0.04  
PROF_DETECT_PF_SORT1        IPv6      17            14             2612           4638          3272         45.8k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17            14             2558           6099          3271         45.8k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17            14             2519           4194          3115         43.6k  0.01  
PROF_DETECT_ALERT           IPv6      17            14             2525           4936          2769         38.8k  0.00  
PROF_DETECT_CLEANUP         IPv6      17            14             2547           4993          3090         43.3k  0.01  
PROF_DETECT_GETSGH          IPv6      17            14             2746          25313          7152        100.1k  0.01  


stats.log - (2774 bytes)
------------------------------------------------------------------------------------
Date: 4/16/2019 -- 10:10:37 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 7381
decoder.bytes                              | Total                     | 5829396
decoder.ipv4                               | Total                     | 7326
decoder.ipv6                               | Total                     | 14
decoder.ethernet                           | Total                     | 7381
decoder.tcp                                | Total                     | 7194
decoder.udp                                | Total                     | 146
decoder.avg_pkt_size                       | Total                     | 789
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 16
flow.udp                                   | Total                     | 50
tcp.sessions                               | Total                     | 16
tcp.syn                                    | Total                     | 16
tcp.synack                                 | Total                     | 16
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 5
detect.alert                               | Total                     | 7
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 8
app_layer.flow.tls                         | Total                     | 8
app_layer.flow.dns_udp                     | Total                     | 36
app_layer.tx.dns_udp                       | Total                     | 36
app_layer.flow.failed_udp                  | Total                     | 14
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7085536


eve.json - (64048 bytes)
{"timestamp":"2019-04-16T08:14:19.366194+0000","flow_id":844839643747954,"pcap_cnt":51,"event_type":"dns","src_ip":"192.168.100.70","src_port":53155,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18009,"rrname":"detectportal.firefox.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.366920+0000","flow_id":1641835250030920,"pcap_cnt":52,"event_type":"dns","src_ip":"192.168.100.70","src_port":56773,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64705,"rrname":"nasirmanzoortechnologies.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.368449+0000","flow_id":333132945137473,"pcap_cnt":53,"event_type":"dns","src_ip":"192.168.100.70","src_port":63500,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":593,"rrname":"search.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.371761+0000","flow_id":844839643747954,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":53155,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"detectportal.firefox.com","rrtype":"CNAME","ttl":23,"rdata":"detectportal.prod.mozaws.net"}}
{"timestamp":"2019-04-16T08:14:19.371761+0000","flow_id":844839643747954,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":53155,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"detectportal.prod.mozaws.net","rrtype":"CNAME","ttl":34,"rdata":"detectportal.firefox.com-v2.edgesuite.net"}}
{"timestamp":"2019-04-16T08:14:19.371761+0000","flow_id":844839643747954,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":53155,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"detectportal.firefox.com-v2.edgesuite.net","rrtype":"CNAME","ttl":17163,"rdata":"a1089.dscd.akamai.net"}}
{"timestamp":"2019-04-16T08:14:19.371761+0000","flow_id":844839643747954,"pcap_cnt":54,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":53155,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":2,"rdata":"173.223.11.152"}}
{"timestamp":"2019-04-16T08:14:19.373761+0000","flow_id":333132945137473,"pcap_cnt":55,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"search.services.mozilla.com","rrtype":"CNAME","ttl":2,"rdata":"search.r53-2.services.mozilla.com"}}
{"timestamp":"2019-04-16T08:14:19.373761+0000","flow_id":333132945137473,"pcap_cnt":55,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"34.213.175.109"}}
{"timestamp":"2019-04-16T08:14:19.373761+0000","flow_id":333132945137473,"pcap_cnt":55,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"35.166.112.39"}}
{"timestamp":"2019-04-16T08:14:19.373761+0000","flow_id":333132945137473,"pcap_cnt":55,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"52.88.150.81"}}
{"timestamp":"2019-04-16T08:14:19.379971+0000","flow_id":1641835250030920,"pcap_cnt":56,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":56773,"proto":"UDP","dns":{"type":"answer","id":64705,"rcode":"NOERROR","rrname":"nasirmanzoortechnologies.com","rrtype":"A","ttl":11787,"rdata":"192.185.36.121"}}
{"timestamp":"2019-04-16T08:14:19.383803+0000","flow_id":1271673493642043,"pcap_cnt":60,"event_type":"dns","src_ip":"192.168.100.70","src_port":56851,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56177,"rrname":"a1089.dscd.akamai.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.383935+0000","flow_id":1271673493642043,"pcap_cnt":61,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":56851,"proto":"UDP","dns":{"type":"answer","id":56177,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"A","ttl":2,"rdata":"173.223.11.152"}}
{"timestamp":"2019-04-16T08:14:19.383994+0000","flow_id":1002228720327674,"pcap_cnt":62,"event_type":"dns","src_ip":"192.168.100.70","src_port":56436,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2328,"rrname":"nasirmanzoortechnologies.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.384060+0000","flow_id":1002228720327674,"pcap_cnt":63,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":56436,"proto":"UDP","dns":{"type":"answer","id":2328,"rcode":"NOERROR","rrname":"nasirmanzoortechnologies.com","rrtype":"A","ttl":11787,"rdata":"192.185.36.121"}}
{"timestamp":"2019-04-16T08:14:19.385199+0000","flow_id":1847753162088623,"pcap_cnt":66,"event_type":"dns","src_ip":"192.168.100.70","src_port":58459,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22004,"rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.385365+0000","flow_id":268927479046485,"pcap_cnt":67,"event_type":"dns","src_ip":"192.168.100.70","src_port":59384,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43846,"rrname":"nasirmanzoortechnologies.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.385425+0000","flow_id":1481100393963921,"pcap_cnt":68,"event_type":"dns","src_ip":"192.168.100.70","src_port":61181,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":4248,"rrname":"search.r53-2.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.385495+0000","flow_id":1481100393963921,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":61181,"proto":"UDP","dns":{"type":"answer","id":4248,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"52.88.150.81"}}
{"timestamp":"2019-04-16T08:14:19.385495+0000","flow_id":1481100393963921,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":61181,"proto":"UDP","dns":{"type":"answer","id":4248,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"35.166.112.39"}}
{"timestamp":"2019-04-16T08:14:19.385495+0000","flow_id":1481100393963921,"pcap_cnt":69,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":61181,"proto":"UDP","dns":{"type":"answer","id":4248,"rcode":"NOERROR","rrname":"search.r53-2.services.mozilla.com","rrtype":"A","ttl":2,"rdata":"34.213.175.109"}}
{"timestamp":"2019-04-16T08:14:19.385800+0000","flow_id":1003620289733384,"pcap_cnt":70,"event_type":"dns","src_ip":"192.168.100.70","src_port":57860,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":20190,"rrname":"search.r53-2.services.mozilla.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.391518+0000","flow_id":1003620289733384,"pcap_cnt":71,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":57860,"proto":"UDP","dns":{"type":"answer","id":20190,"rcode":"NOERROR","rrname":"r53-2.services.mozilla.com","rrtype":"SOA","ttl":47}}
{"timestamp":"2019-04-16T08:14:19.414884+0000","flow_id":1847753162088623,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":58459,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","ttl":19,"rdata":"2a02:26f0:6c00:0000:0000:0000:0210:ba22"}}
{"timestamp":"2019-04-16T08:14:19.414884+0000","flow_id":1847753162088623,"pcap_cnt":82,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":58459,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"a1089.dscd.akamai.net","rrtype":"AAAA","ttl":19,"rdata":"2a02:26f0:6c00:0000:0000:0000:0210:ba0b"}}
{"timestamp":"2019-04-16T08:14:19.518306+0000","flow_id":268927479046485,"pcap_cnt":89,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":59384,"proto":"UDP","dns":{"type":"answer","id":43846,"rcode":"NOERROR","rrname":"nasirmanzoortechnologies.com","rrtype":"SOA","ttl":1799}}
{"timestamp":"2019-04-16T08:14:19.662151+0000","flow_id":154758658333319,"pcap_cnt":90,"event_type":"dns","src_ip":"192.168.100.70","src_port":49316,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57701,"rrname":"tiles.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.services.mozilla.com","rrtype":"CNAME","ttl":29,"rdata":"tiles.r53-2.services.mozilla.com"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.88.59.160"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.34.132.219"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.43.40.243"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.26.103.165"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.35.250.5"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.43.91.152"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"54.149.115.79"}}
{"timestamp":"2019-04-16T08:14:19.667862+0000","flow_id":154758658333319,"pcap_cnt":91,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":49316,"proto":"UDP","dns":{"type":"answer","id":57701,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.39.131.77"}}
{"timestamp":"2019-04-16T08:14:19.671820+0000","flow_id":1654591302877260,"pcap_cnt":93,"event_type":"dns","src_ip":"192.168.100.70","src_port":52940,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15942,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.39.131.77"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"54.149.115.79"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.43.91.152"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.35.250.5"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.26.103.165"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.43.40.243"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.34.132.219"}}
{"timestamp":"2019-04-16T08:14:19.671924+0000","flow_id":1654591302877260,"pcap_cnt":94,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":52940,"proto":"UDP","dns":{"type":"answer","id":15942,"rcode":"NOERROR","rrname":"tiles.r53-2.services.mozilla.com","rrtype":"A","ttl":23,"rdata":"52.88.59.160"}}
{"timestamp":"2019-04-16T08:14:19.674194+0000","flow_id":872894370105746,"pcap_cnt":95,"event_type":"dns","src_ip":"192.168.100.70","src_port":60792,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":36835,"rrname":"tiles.r53-2.services.mozilla.com","rrtype":"AAAA","tx_id":0}}
{"timestamp":"2019-04-16T08:14:19.679456+0000","flow_id":872894370105746,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.70","dest_port":60792,"proto":"UDP","dns":{"type":"answer","id":36835,"rcode":"NOERROR","rrname":"r53-2.services.mozilla.com","rrtype":"SOA","ttl":193}}
{"timestamp":"2019-04-16T08:14:19.689990+0000","flow_id":1774528264657580,"pcap_cnt":98,"event_type":"http","src_ip":"192.168.100.70","src_port":49215,"dest_ip":"173.223.11.152","dest_port":80,"



suricata-report-2019-04-16-T-10-10-37-04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap.txt - (17818 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ed4667633a34e265d1e9de066df7eb1a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap -vvv -k none
elapsedtime:23.314072
stderr:
stdout:
16/4/2019 -- 10:10:13 - <Info> - Configuration node 'rule-files' redefined.
16/4/2019 -- 10:10:13 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/4/2019 -- 10:10:13 - <Info> - CPUs/cores online: 1
16/4/2019 -- 10:10:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31175 and 'request-body-inspect-window' set to 16721 after randomization.
16/4/2019 -- 10:10:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32872 and 'response-body-inspect-window' set to 16242 after randomization.
16/4/2019 -- 10:10:13 - <Config> - DNS request flood protection level: 500
16/4/2019 -- 10:10:13 - <Config> - DNS per flow memcap (state-memcap): 524288
16/4/2019 -- 10:10:13 - <Config> - DNS global memcap: 16777216
16/4/2019 -- 10:10:14 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/4/2019 -- 10:10:14 - <Config> - preallocated 1000 hosts of size 136
16/4/2019 -- 10:10:14 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/4/2019 -- 10:10:14 - <Config> - using magic-file /usr/share/file/magic
16/4/2019 -- 10:10:14 - <Config> - Core dump size is unlimited.
16/4/2019 -- 10:10:14 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/4/2019 -- 10:10:14 - <Config> - preallocated 1000 defrag trackers of size 168
16/4/2019 -- 10:10:14 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/4/2019 -- 10:10:14 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/4/2019 -- 10:10:14 - <Config> - stream "memcap": 33554432
16/4/2019 -- 10:10:14 - <Config> - stream "midstream" session pickups: disabled
16/4/2019 -- 10:10:14 - <Config> - stream "async-oneside": disabled
16/4/2019 -- 10:10:14 - <Config> - stream "checksum-validation": disabled
16/4/2019 -- 10:10:14 - <Config> - stream."inline": disabled
16/4/2019 -- 10:10:14 - <Config> - stream "bypass": disabled
16/4/2019 -- 10:10:14 - <Config> - stream "max-synack-queued": 5
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly "memcap": 134217728
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly "depth": 0
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly "toserver-chunk-size": 2639
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly "toclient-chunk-size": 2560
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly.raw: enabled
16/4/2019 -- 10:10:14 - <Config> - stream.reassembly "segment-prealloc": 2048
16/4/2019 -- 10:10:14 - <Config> - Delayed detect disabled
16/4/2019 -- 10:10:14 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/4/2019 -- 10:10:14 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/4/2019 -- 10:10:14 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/4/2019 -- 10:10:14 - <Config> - prefilter engines: MPM
16/4/2019 -- 10:10:14 - <Config> - IP reputation disabled
16/4/2019 -- 10:10:14 - <Perf> - Registered 148 keyword profiling counters.
16/4/2019 -- 10:10:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/4/2019 -- 10:10:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/4/2019 -- 10:10:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/4/2019 -- 10:10:19 - <Config> - No rules loaded from ET-icmp.rules.
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/4/2019 -- 10:10:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/4/2019 -- 10:10:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/4/2019 -- 10:10:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/4/2019 -- 10:10:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/4/2019 -- 10:10:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/4/2019 -- 10:10:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/4/2019 -- 10:10:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/4/2019 -- 10:10:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/4/2019 -- 10:10:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/4/2019 -- 10:10:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/4/2019 -- 10:10:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/4/2019 -- 10:10:26 - <Config> - No rules loaded from local.rules.
16/4/2019 -- 10:10:26 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/4/2019 -- 10:10:26 - <Info> - Threshold config parsed: 0 rule(s) found
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tcp-packet
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tcp-stream
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for udp-packet
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for other-ip
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_uri
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_request_line
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_client_body
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_response_line
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_header
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_header
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_header_names
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_header_names
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_accept
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_accept_enc
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_accept_lang
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_referer
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_connection
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_content_len
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_content_len
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_content_type
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_content_type
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_protocol
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_protocol
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_start
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_start
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_raw_header
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_raw_header
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_method
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_cookie
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_cookie
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_raw_uri
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_user_agent
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_host
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_raw_host
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_stat_msg
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_stat_code
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for dns_query
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tls_sni
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for dce_stub_data
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for dce_stub_data
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for ssh_protocol
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for ssh_protocol
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for ssh_software
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for ssh_software
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for file_data
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for file_data
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_request_line
16/4/2019 -- 10:10:27 - <Perf> - using shared mpm ctx' for http_response_line
16/4/2019 -- 10:10:27 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/4/2019 -- 10:10:27 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/4/2019 -- 10:10:27 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/4/2019 -- 10:10:27 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/4/2019 -- 10:10:27 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/4/2019 -- 10:10:27 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/4/2019 -- 10:10:27 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/4/2019 -- 10:10:27 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/4/2019 -- 10:10:33 - <Perf> - Unique rule groups: 104
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/4/2019 -- 10:10:33 - <Perf> - Builtin MPM "other IP packet": 3
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_header": 10
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_header": 6
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_start": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_method": 5
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver http_host": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toserver file_data": 1
16/4/2019 -- 10:10:33 - <Perf> - AppLayer MPM "toclient file_data": 7
16/4/2019 -- 10:10:35 - <Perf> - Registered 39590 rule profiling counters.
16/4/2019 -- 10:10:35 - <Info> - fast output device (regular) initialized: alert
16/4/2019 -- 10:10:35 - <Info> - eve-log output device (regular) initialized: eve.json
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'alert'
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'http'
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'dns'
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'tls'
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'files'
16/4/2019 -- 10:10:35 - <Config> - enabling 'eve-log' module 'ssh'
16/4/2019 -- 10:10:35 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/4/2019 -- 10:10:35 - <Info> - stats output device (regular) initialized: stats.log
16/4/2019 -- 10:10:35 - <Config> - AutoFP mode using "Hash" flow load balancer
16/4/2019 -- 10:10:35 - <Info> - reading pcap file /var/pcap/04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap
16/4/2019 -- 10:10:35 - <Config> - us



keyword_perf.log - (15336 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/16/2019 -- 10:10:37
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6957466         2130            2130            39092           3266.00         3266.00         0.00           
  content          32301378        2489            1098            6281502         12977.00        10922.00        14599.00       
  pcre             1554530         247             20              41223           6293.00         9922.00         5973.00        
  byte_test        2487782         640             305             385343          3887.00         4791.00         3063.00        
  byte_jump        165849          41              27              17086           4045.00         4315.00         3523.00        
  isdataat         122429          37              0               17078           3308.00         0.00            3308.00        
  flowbits         3006289         1023            30              18301           2938.00         3651.00         2917.00        
  urilen           362879          109             39              5045            3329.00         3320.00         3333.00        
  byte_extract     196971          67              67              6161            2939.00         2939.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6957466         2130            2130            39092           3266.00         3266.00         0.00           
  flowbits         2967021         1016            23              18301           2920.00         3055.00         2917.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8036903         1384            554             65595           5807.00         6477.00         5359.00        
  pcre             455617          68              2               41223           6700.00         13947.00        6480.00        
  byte_test        2483054         639             305             385343          3885.00         4791.00         3058.00        
  byte_jump        130498          34              20              15730           3838.00         4058.00         3523.00        
  isdataat         122429          37              0               17078           3308.00         0.00            3308.00        
  byte_extract     196971          67              67              6161            2939.00         2939.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         39268           7               7               11302           5609.00         5609.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          181928          47              19              5559            3870.00         3799.00         3919.00        
  pcre             244170          37              3               18811           6599.00         13371.00        6001.00        
  urilen           362879          109             39              5045            3329.00         3320.00         3333.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7714            2               0               4074            3857.00         0.00            3857.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21290           6               0               4658            3548.00         0.00            3548.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21615518        526             163             6281502         41094.00        40500.00        41360.00       
  pcre             375466          78              2               31602           4813.00         15569.00        4530.00        
  byte_test        4728            1               0               4728            4728.00         0.00            4728.00        
  byte_jump        35351           7               7               17086           5050.00         5050.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1732348         353             256             36610           4907.00         5054.00         4520.00        
  pcre             373576          49              11              31625           7624.00         8062.00         7497.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          133299          28              15              18091           4760.00         3994.00         5645.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12656           3               3               4649            4218.00         4218.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_start
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8979            2               2               4500            4489.00         4489.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5169            1               0               5169            5169.00         0.00            5169.00        
  pcre             23198           1               0               23198           23198.00        0.00            23198.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          65608           18              12              5654            3644.00         3627.00         3679.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          432749          106             72              6115            4082.00         4223.00         3784.00        
  pcre             82503           14              2               15133           5893.00         5307.00         5990.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3137            1               0               3137            3137.00         0.00            3137.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15024           4               2               4122            3756.00         3849.00         3662.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          29056           8               0               4306            3632.00         0.00            3632.00        


suricata-4.0.0-etpro-all-perf.txt-2019-04-16-T-10-10-37-04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap.txt - (67798 bytes)
  --------------------------------------------------------------------------
  Date: 4/16/2019 -- 10:10:37. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2820157      1        2        11680210     10.50  29       0        6310702     402765.86   0.00        402765.86  
  2        2025200      1        1        4138962      3.72   72       0        3891111     57485.58    0.00        57485.58   
  3        2820158      1        2        5239785      4.71   29       0        514883      180682.24   0.00        180682.24  
  4        2803027      1        6        1073228      0.96   10       0        460546      107322.80   0.00        107322.80  
  5        2824996      1        1        631635       0.57   12       0        436552      52636.25    0.00        52636.25   
  6        2809148      1        2        304903       0.27   1        0        304903      304903.00   0.00        304903.00  
  7        2819930      1        2        2739615      2.46   17       0        299467      161153.82   0.00        161153.82  
  8        2021749      1        6        1500727      1.35   10       0        218700      150072.70   0.00        150072.70  
  9        2819664      1        2        2587599      2.33   17       0        215065      152211.71   0.00        152211.71  
  10       2816510      1        3        1133981      1.02   7        0        214680      161997.29   0.00        161997.29  
  11       2809149      1        2        207625       0.19   1        0        207625      207625.00   0.00        207625.00  
  12       2016855      1        2        204999       0.18   1        0        204999      204999.00   0.00        204999.00  
  13       2020865      1        3        779311       0.70   6        0        199921      129885.17   0.00        129885.17  
  14       2819940      1        3        1072959      0.96   7        0        188005      153279.86   0.00        153279.86  
  15       2012520      1        7        169397       0.15   1        1        169397      169397.00   169397.00   0.00       
  16       2016854      1        3        154131       0.14   1        0        154131      154131.00   0.00        154131.00  
  17       2814978      1        2        939091       0.84   10       0        143691      93909.10    0.00        93909.10   
  18       2814979      1        2        897339       0.81   10       0        136398      89733.90    0.00        89733.90   
  19       2809145      1        2        649323       0.58   6        0        136261      108220.50   0.00        108220.50  
  20       2019837      1        3        150223       0.13   7        1        133629      21460.43    133629.00   2765.67    
  21       2802990      1        5        129336       0.12   2        0        118906      64668.00    0.00        64668.00   
  22       2018342      1        2        739519       0.66   7        0        109864      105645.57   0.00        105645.57  
  23       2804907      1        3        266847       0.24   5        0        104505      53369.40    0.00        53369.40   
  24       2822213      1        2        691513       0.62   10       0        104021      69151.30    0.00        69151.30   
  25       2018789      1        3        156797       0.14   10       0        103579      15679.70    0.00        15679.70   
  26       2023711      1        2        120277       0.11   8        0        100573      15034.62    0.00        15034.62   
  27       2024769      1        2        641160       0.58   7        0        99118       91594.29    0.00        91594.29   
  28       2018005      1        6        666043       0.60   10       0        97189       66604.30    0.00        66604.30   
  29       2816940      1        2        445403       0.40   7        0        95856       63629.00    0.00        63629.00   
  30       2019613      1        3        111667       0.10   6        1        95762       18611.17    95762.00    3181.00    
  31       2820600      1        2        471978       0.42   6        0        90600       78663.00    0.00        78663.00   
  32       2816910      1        2        468626       0.42   7        0        88195       66946.57    0.00        66946.57   
  33       2021076      1        2        104573       0.09   8        1        85520       13071.62    85520.00    2721.86    
  34       2816931      1        3        277748       0.25   7        0        84937       39678.29    0.00        39678.29   
  35       2014520      1        6        1218944      1.10   192      1        82270       6348.67     10753.00    6325.61    
  36       2816165      1        5        261272       0.23   8        0        80214       32659.00    0.00        32659.00   
  37       2827505      1        2        291823       0.26   6        0        80195       48637.17    0.00        48637.17   
  38       2805348      1        4        771083       0.69   13       0        80154       59314.08    0.00        59314.08   
  39       2822181      1        4        142600       0.13   4        0        78640       35650.00    0.00        35650.00   
  40       2018241      1        2        97485        0.09   8        0        77483       12185.62    0.00        12185.62   
  41       2023622      1        3        408244       0.37   122      0        74792       3346.26     0.00        3346.26    
  42       2022055      1        2        214223       0.19   8        0        74537       26777.88    0.00        26777.88   
  43       2828123      1        2        241009       0.22   6        0        73366       40168.17    0.00        40168.17   
  44       2828876      1        1        316672       0.28   81       0        72994       3909.53     0.00        3909.53    
  45       2802987      1        5        1047987      0.94   22       0        72397       47635.77    0.00        47635.77   
  46       2816909      1        2        440197       0.40   7        0        71349       62885.29    0.00        62885.29   
  47       2025064      1        5        321615       0.29   7        0        70610       45945.00    0.00        45945.00   
  48       2020470      1        6        127507       0.11   4        0        69942       31876.75    0.00        31876.75   
  49       2804927      1        2        764529       0.69   14       0        69932       54609.21    0.00        54609.21   
  50       2018959      1        3        89409        0.08   8        1        69852       11176.12    69852.00    2793.86    
  51       2019707      1        2        362332       0.33   6        0        69010       60388.67    0.00        60388.67   
  52       2802991      1        5        555173       0.50   10       0        68439       55517.30    0.00        55517.30   
  53       2801929      1        7        634491       0.57   13       0        67229       48807.00    0.00        48807.00   
  54       2804911      1        3        243905       0.22   4        0        66953       60976.25    0.00        60976.25   
  55       2803657      1        5        168103       0.15   3        0        64050       56034.33    0.00        56034.33   
  56       2016537      1        2        2955902      2.66   194      1        63547       15236.61    63547.00    14986.30   
  57       2830124      1        1        62970        0.06   1        0        62970       62970.00    0.00        62970.00   
  58       2015744      1        4        76979        0.07   6        1        62838       12829.83    62838.00    2828.20    
  59       2801930      1        7        604174       0.54   13       0        62768       46474.92    0.00        46474.92   
  60       2804906      1        3        283873       0.26   5        0        62545       56774.60    0.00        56774.60   
  61       2021074      1        2        61620        0.06   1        1        61620       61620.00    61620.00    0.00       
  62       2022480      1        2        378474       0.34   7        0        61299       54067.71    0.00        54067.71   
  63       2821615      1        2        90210        0.08   2        0        60614       45105.00    0.00        45105.00   
  64       2014701      1        12       889842       0.80   72       0        58556       12358.92    0.00        12358.92   
  65       2826256      1        2        221502       0.20   8        0        57714       27687.75    0.00        27687.75   
  66       2018496      1        9        57675        0.05   1        0        57675       57675.00    0.00        57675.00   
  67       2009702      1        5        908778       0.82   72       0        57483       12621.92    0.00        12621.92   
  68       2018359      1        3        238137       0.21   6        0        57239       39689.50    0.00        39689.50   
  69       2822395      1        2        152927       0.14   8        0        55621       19115.88    0.00        19115.88   
  70       2816929      1        4        278987       0.25   7        0        54660       39855.29    0.00        39855.29   
  71       2011894      1        19       54295        0.05   1        0        54295       54295.00    0.00        54295.00   
  72       2803000      1        2        104971       0.09   2        0        54242       52485.50    0.00        52485.50   
  73       2019693      1        5        53883        0.05   1        0        53883       53883.00    0.00        53883.00   
  74       2820931      1        2        608754       0.55   39       0        53195       15609.08    0.00        15609.08   
  75       2828122      1        2        52155        0.05   1        0        52155       52155.00    0.00        52155.00   
  76       2018982      1        2        139478       0.13   3        0        52024       46492.67    0.00        46492.67   
  77       2017876      1        3        51525        0.05   1        0        51525       51525.00    0.00        51525.00   
  78       2020825      1        6        108433       0.10   4        0        51179       27108.25    0.00        27108.25   
  79       2023766      1        2        100150       0.09   2        0        50338       50075.00    0.00        50075.00   
  80       2014353      1        6        68344        0.06   8        0        49650       8543.00     0.00        8543.00    
  81       2805089      1        6        49635        0.04   1        0        49635       49635.00    0.00        49635.00   
  82       2816928      1        3        234216       0.21   7        0        49339       33459.43    0.00        33459.43   
  83       2802067      1        6        51744        0.05   2        0        49204       25872.00    0.00        25872.00   
  84       2013352      1        4        69159        0.06   8        0        48689       8644.88     0.00        8644.88    
  85       2823423      1        3        92971        0.08   2        0        48042       46485.50    0.00        46485.50   
  86       2811429      1        3        93312        0.08   2        0        47127       46656.00    0.00        46656.00   
  87       2018457      1        1        292744       0.26   9        0        47034       32527.11    0.00        32527.11   
  88       2816927      1        3        234437       0.21   7        0        46874       33491.00    0.00        33491.00   
  89       2828955      1        2        90780        0.08   2        0        46280       45390.00    0.00        45390.00   
  90       2008575      1        5        1066995      0.96   149      0        46244       7161.04     0.00        7161.04    
  91       2023583      1        4        208609       0.19   6        0        46221       34768.17    0.00        34768.17   
  92       2008438      1        20       129960       0.12   3        0        45885       43320.00    0.00        43320.00   
  93       2810487      1        1        106411       0.10   5        0        45839       21282.20    0.00        21282.20   
  94       2022842      1        5        45611        0.04   1        0        45611       45611.00    0.00        45611.00   
  95       2805985      1        2        127571       0.11   3        0        45489       42523.67    0.00        42523.67   
  96       2816930      1        4        224181       0.20   7        0        45455       32025.86    0.00        32025.86   
  97       2014519      1        7        356139       0.32   21       0        44911       16959.00    0.00        16959.00   
  98       2808234      1        1        125611       0.11   3        0        44889       41870.33    0.00        41870.33   
  99       2018452      1        15       44746        0.04   1        0        44746       44746.00    0.00        44746.00   
  100      2009028      1        11       65923        0.06   8        0        44590       8240.38     0.00        8240.38    
  101      2807400      1        3        122459       0.11   3        0        44155       40819.67    0.00        40819.67   
  102      2808793      1        3        44082        0.04   1        0        44082       44082.00    0.00        44082.00   
  103      2016858      1        10       44054        0.04   1        0        44054       44054.00    0.00        44054.00   
  104      2018983      1        7        44050        0.04   1        0        44050       44050.00    0.00        44050.00   
  105      2018358      1        7        44042        0.04   1        0        44042       44042.00    0.00        44042.00   
  106      2810481      1        4        796748       0.72   38       0        44005       20967.05    0.00        20967.05   
  107      2020569      1        1        123451       0.11   3        0        43857       41150.33    0.00        41150.33   
  108      2020202      1        2        73499        0.07   2        0        43799       36749.50    0.00        36749.50   
  109      2019881      1        3        43747        0.04   1        0        43747       43747.00    0.00        43747.00   
  110      2809256      1        3        67008        0.06   8        0        43675       8376.00     0.00        8376.00    
  111      2022050      1        3        121368       0.11   3        0        43389       40456.00    0.00        40456.00   
  112      2803760      1        3        582840       0.52   36       0        42960       16190.00    0.00        16190.00   
  113      2811544      1        1        440355       0.40   42       0        42958       10484.64    0.00        10484.64   
  114      2819785      1        2        42655        0.04   1        0        42655       42655.00    0.00        42655.00   
  115      2024771      1        1        165309       0.15   5        0        42397       33061.80    0.00        33061.80   
  116      2816619      1        2        42231        0.04   1        0        42231       42231.00    0.00        42231.00   
  117      2815451      1        2        247973       0.22   16       0        42118       15498.31    0.00        15498.31   
  118      2820851      1        5        243237       0.22   7        0        41669       34748.14    0.00        34748.14   
  119      2806132      1        3        41584        0.04   1        0        41584       41584.00    0.00        41584.00   
  120      2816924      1        4        209202       0.19   7        0        41573       29886.00    0.00        29886.00   
  121      2019822      1        7        136295       0.12   8        0        41432       17036.88    0.00        17036.88   
  122      2816327      1        4        243305       0.22   7        0        41422       34757.86    0.00        34757.86   
  123      2017552      1        6        2912666      2.62   201      0        41418       14490.88    0.00        14490.88   
  124      2816515      1        3        65188        0.06   2        0        40693       32594.00    0.00        32594.00   
  125      2023624      1        3        4

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes)
2019-04-16 10:10:13,265 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-16 10:10:13,987 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-16 10:10:13,988 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-16 10:10:13,988 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-16 10:10:13,989 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-16 10:10:13,989 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ed4667633a34e265d1e9de066df7eb1a56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04162019.1010-b881fd1a-d52c-4fde-ab70-5be4ca98c6fd.pcap -vvv -k none
2019-04-16 10:10:37,306 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-16 10:10:37,307 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.0498077869