Filename: network.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.5307729244 seconds
Hash: ed82d931b8b865b1f7c5c1a66316e69d
Uploaded: 1568623582

Logfiles


unified2.alert.1568623608 - (4430 bytes) - download
4]J	N+,ìÀ¨ð¹°+`Á>P2]J]J	NE"'À¨ð¹°+`Á>PP+POST /post/post.php HTTP/1.1
Accept: */*
Host: smalldeal.mypressonline.com
Referer: http://smalldeal.mypressonline.com/post/post.php
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywhpFxMBe19cSjFnG
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
Content-Length: 323
Connection: Keep-Alive
Cache-Control: no-cache


------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="userfile"; filename="loves111_mfF0ject6L"
Content-Type: application/octet-stream

ending
------WebKitFormBoundarywhpFxMBe19cSjFnG4]J,+,ìÀ¨ð¹°+`ÁAP2]J]J,E"'À¨ð¹°+`ÁAPP+POST /post/post.php HTTP/1.1
Accept: */*
Host: smalldeal.mypressonline.com
Referer: http://smalldeal.mypressonline.com/post/post.php
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywhpFxMBe19cSjFnG
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
Content-Length: 323
Connection: Keep-Alive
Cache-Control: no-cache


------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="userfile"; filename="loves111_mfF0ject6L"
Content-Type: application/octet-stream

ending
------WebKitFormBoundarywhpFxMBe19cSjFnG4]JT†‘+,ìÀ¨ð¹°+`ÁDP2]JT]JT†‘E"'À¨ð¹°+`ÁDPP+POST /post/post.php HTTP/1.1
Accept: */*
Host: smalldeal.mypressonline.com
Referer: http://smalldeal.mypressonline.com/post/post.php
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywhpFxMBe19cSjFnG
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
Content-Length: 323
Connection: Keep-Alive
Cache-Control: no-cache


------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="userfile"; filename="loves111_mfF0ject6L"
Content-Type: application/octet-stream

ending
------WebKitFormBoundarywhpFxMBe19cSjFnG4]J{Ô_+,ìÀ¨ð¹°+`ÁHP2]J{]J{Ô_E"'À¨ð¹°+`ÁHPP+POST /post/post.php HTTP/1.1
Accept: */*
Host: smalldeal.mypressonline.com
Referer: http://smalldeal.mypressonline.com/post/post.php
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywhpFxMBe19cSjFnG
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
Content-Length: 323
Connection: Keep-Alive
Cache-Control: no-cache


------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="userfile"; filename="loves111_mfF0ject6L"
Content-Type: application/octet-stream

ending
------WebKitFormBoundarywhpFxMBe19cSjFnG4]J¦+,ìÀ¨ð¹°+`ÁKP2]J]J¦E"'À¨ð¹°+`ÁKPP+POST /post/post.php HTTP/1.1
Accept: */*
Host: smalldeal.mypressonline.com
Referer: http://smalldeal.mypressonline.com/post/post.php
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarywhpFxMBe19cSjFnG
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; .NET CLR 1.1.4322)
Content-Length: 323
Connection: Keep-Alive
Cache-Control: no-cache


------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="MAX_FILE_SIZE"

10000000
------WebKitFormBoundarywhpFxMBe19cSjFnG
Content-Disposition: form-data; name="userfile"; filename="loves111_mfF0ject6L"
Content-Type: application/octet-stream

ending
------WebKitFormBoundarywhpFxMBe19cSjFnG


suricata-4.0.0-etpro-all-perf.txt-2019-09-16-T-08-46-50-09162019.0846-network.pcap.txt - (42198 bytes) - download
  --------------------------------------------------------------------------
  Date: 9/16/2019 -- 08:46:50. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2016537      1        2        2487592      1.68   69       0        434030      36052.06    0.00        36052.06   
  2        2816940      1        2        1232984      0.83   10       0        296144      123298.40   0.00        123298.40  
  3        2017552      1        6        3285946      2.21   102      0        204256      32215.16    0.00        32215.16   
  4        2022609      1        2        1135458      0.77   18       0        176596      63081.00    0.00        63081.00   
  5        2810905      1        2        857684       0.58   8        0        173744      107210.50   0.00        107210.50  
  6        2829548      1        2        903266       0.61   10       5        168362      90326.60    91362.80    89290.40   
  7        2025064      1        5        772796       0.52   10       0        150184      77279.60    0.00        77279.60   
  8        2816055      1        2        482242       0.32   8        0        127124      60280.25    0.00        60280.25   
  9        2829552      1        2        710636       0.48   8        0        125342      88829.50    0.00        88829.50   
  10       2823858      1        3        954040       0.64   18       0        124348      53002.22    0.00        53002.22   
  11       2016858      1        10       790260       0.53   10       0        119330      79026.00    0.00        79026.00   
  12       2024565      1        3        601098       0.41   10       0        118536      60109.80    0.00        60109.80   
  13       2017259      1        12       543760       0.37   8        0        117506      67970.00    0.00        67970.00   
  14       2823263      1        3        603284       0.41   10       0        117222      60328.40    0.00        60328.40   
  15       2816909      1        2        1009954      0.68   10       0        116838      100995.40   0.00        100995.40  
  16       2816910      1        2        971538       0.65   10       0        111912      97153.80    0.00        97153.80   
  17       2816929      1        4        758488       0.51   10       0        111154      75848.80    0.00        75848.80   
  18       2821471      1        2        1156226      0.78   18       0        108772      64234.78    0.00        64234.78   
  19       2811447      1        2        1843544      1.24   30       0        104712      61451.47    0.00        61451.47   
  20       2020181      1        8        1095604      0.74   18       0        104400      60866.89    0.00        60866.89   
  21       2816922      1        5        555186       0.37   10       0        104174      55518.60    0.00        55518.60   
  22       2021418      1        9        1285222      0.87   18       0        103662      71401.22    0.00        71401.22   
  23       2810906      1        2        740692       0.50   8        0        102960      92586.50    0.00        92586.50   
  24       2014701      1        12       107220       0.07   2        0        102270      53610.00    0.00        53610.00   
  25       2815754      1        2        686880       0.46   11       0        101408      62443.64    0.00        62443.64   
  26       2820851      1        5        683502       0.46   10       0        99608       68350.20    0.00        68350.20   
  27       2815180      1        3        552048       0.37   8        0        99298       69006.00    0.00        69006.00   
  28       2815182      1        3        537796       0.36   8        0        98968       67224.50    0.00        67224.50   
  29       2815220      1        2        566236       0.38   8        0        98954       70779.50    0.00        70779.50   
  30       2100540      1        12       760192       0.51   123      0        98342       6180.42     0.00        6180.42    
  31       2810991      1        4        647914       0.44   8        0        96808       80989.25    0.00        80989.25   
  32       2814883      1        3        624312       0.42   8        0        96698       78039.00    0.00        78039.00   
  33       2025234      1        2        673752       0.45   8        0        95972       84219.00    0.00        84219.00   
  34       2816895      1        2        549144       0.37   8        0        94420       68643.00    0.00        68643.00   
  35       2816884      1        3        446214       0.30   10       0        94164       44621.40    0.00        44621.40   
  36       2024848      1        2        906494       0.61   15       0        91256       60432.93    0.00        60432.93   
  37       2816165      1        5        1620154      1.09   33       0        90094       49095.58    0.00        49095.58   
  38       2815480      1        6        268326       0.18   4        0        88362       67081.50    0.00        67081.50   
  39       2025142      1        2        1112124      0.75   15       0        87612       74141.60    0.00        74141.60   
  40       2828986      1        2        947588       0.64   18       0        87568       52643.78    0.00        52643.78   
  41       2021718      1        4        519776       0.35   8        0        87530       64972.00    0.00        64972.00   
  42       2807793      1        4        949870       0.64   18       0        87180       52770.56    0.00        52770.56   
  43       2018358      1        7        743240       0.50   10       0        86820       74324.00    0.00        74324.00   
  44       2022901      1        2        1190348      0.80   18       0        86744       66130.44    0.00        66130.44   
  45       2807970      1        8        1144314      0.77   18       0        86702       63573.00    0.00        63573.00   
  46       2018242      1        5        541268       0.36   10       0        86218       54126.80    0.00        54126.80   
  47       2017948      1        2        1052088      0.71   30       0        86138       35069.60    0.00        35069.60   
  48       2816669      1        4        1634920      1.10   33       0        85906       49543.03    0.00        49543.03   
  49       2022080      1        1        579568       0.39   10       10       85874       57956.80    57956.80    0.00       
  50       2019094      1        5        1250466      0.84   30       0        85818       41682.20    0.00        41682.20   
  51       2809363      1        3        1150246      0.78   18       0        85704       63902.56    0.00        63902.56   
  52       2816356      1        2        958652       0.65   18       0        85444       53258.44    0.00        53258.44   
  53       2816899      1        2        680640       0.46   18       0        83210       37813.33    0.00        37813.33   
  54       2022502      1        4        1034138      0.70   18       0        82740       57452.11    0.00        57452.11   
  55       2819993      1        2        564550       0.38   8        0        82632       70568.75    0.00        70568.75   
  56       2017261      1        3        978536       0.66   18       0        81644       54363.11    0.00        54363.11   
  57       2810126      1        2        538092       0.36   10       0        81368       53809.20    0.00        53809.20   
  58       2828122      1        2        684806       0.46   10       0        79902       68480.60    0.00        68480.60   
  59       2018496      1        9        500888       0.34   10       0        79520       50088.80    0.00        50088.80   
  60       2815481      1        6        703672       0.47   11       0        77832       63970.18    0.00        63970.18   
  61       2022716      1        2        491454       0.33   8        0        77296       61431.75    0.00        61431.75   
  62       2821561      1        2        1860946      1.25   33       0        76488       56392.30    0.00        56392.30   
  63       2828060      1        4        1011578      0.68   18       0        76372       56198.78    0.00        56198.78   
  64       2016706      1        20       911002       0.61   18       0        75898       50611.22    0.00        50611.22   
  65       2816525      1        10       622040       0.42   10       0        75692       62204.00    0.00        62204.00   
  66       2024606      1        2        663654       0.45   18       0        75292       36869.67    0.00        36869.67   
  67       2012707      1        5        695934       0.47   15       0        74806       46395.60    0.00        46395.60   
  68       2822601      1        4        501284       0.34   10       0        74292       50128.40    0.00        50128.40   
  69       2816394      1        2        594960       0.40   15       0        74244       39664.00    0.00        39664.00   
  70       2816327      1        4        611470       0.41   10       0        74222       61147.00    0.00        61147.00   
  71       2018452      1        15       620990       0.42   10       0        74176       62099.00    0.00        62099.00   
  72       2018386      1        2        638630       0.43   10       0        74152       63863.00    0.00        63863.00   
  73       2020963      1        2        425282       0.29   8        0        74080       53160.25    0.00        53160.25   
  74       2811826      1        7        467646       0.32   8        0        74046       58455.75    0.00        58455.75   
  75       2826256      1        2        1306348      0.88   33       0        74042       39586.30    0.00        39586.30   
  76       2024771      1        1        1038022      0.70   33       0        73884       31455.21    0.00        31455.21   
  77       2815753      1        2        241258       0.16   4        0        73870       60314.50    0.00        60314.50   
  78       2812433      1        2        1011528      0.68   18       0        73522       56196.00    0.00        56196.00   
  79       2821569      1        7        883164       0.60   18       0        73178       49064.67    0.00        49064.67   
  80       2815363      1        3        492186       0.33   8        0        73090       61523.25    0.00        61523.25   
  81       2020078      1        3        485512       0.33   8        0        72978       60689.00    0.00        60689.00   
  82       2821148      1        4        791226       0.53   15       0        71084       52748.40    0.00        52748.40   
  83       2013672      1        3        532188       0.36   10       0        70980       53218.80    0.00        53218.80   
  84       2811280      1        7        592732       0.40   11       0        70562       53884.73    0.00        53884.73   
  85       2014442      1        6        446020       0.30   8        0        70276       55752.50    0.00        55752.50   
  86       2815181      1        3        470266       0.32   8        0        69900       58783.25    0.00        58783.25   
  87       2021399      1        3        387144       0.26   8        0        69694       48393.00    0.00        48393.00   
  88       2012612      1        16       350020       0.24   8        0        69260       43752.50    0.00        43752.50   
  89       2811905      1        3        471932       0.32   8        0        69222       58991.50    0.00        58991.50   
  90       2820983      1        5        544972       0.37   8        0        69168       68121.50    0.00        68121.50   
  91       2015877      1        6        949270       0.64   18       0        68892       52737.22    0.00        52737.22   
  92       2809816      1        2        752106       0.51   16       0        68568       47006.62    0.00        47006.62   
  93       2829848      1        2        915292       0.62   18       0        68190       50849.56    0.00        50849.56   
  94       2021067      1        2        788330       0.53   15       0        67884       52555.33    0.00        52555.33   
  95       2816931      1        3        521096       0.35   10       0        67814       52109.60    0.00        52109.60   
  96       2014967      1        3        668950       0.45   18       0        67610       37163.89    0.00        37163.89   
  97       2021413      1        2        976974       0.66   18       0        67340       54276.33    0.00        54276.33   
  98       2815817      1        5        537558       0.36   10       0        67110       53755.80    0.00        53755.80   
  99       2014704      1        7        659306       0.44   15       0        67012       43953.73    0.00        43953.73   
  100      2017119      1        4        461444       0.31   8        0        66516       57680.50    0.00        57680.50   
  101      2008377      1        5        404132       0.27   8        0        66168       50516.50    0.00        50516.50   
  102      2805260      1        4        376988       0.25   10       0        66152       37698.80    0.00        37698.80   
  103      2019344      1        5        511234       0.34   10       0        65754       51123.40    0.00        51123.40   
  104      2021038      1        4        392048       0.26   8        0        65700       49006.00    0.00        49006.00   
  105      2827656      1        2        477840       0.32   10       0        65692       47784.00    0.00        47784.00   
  106      2003657      1        18       398342       0.27   10       0        65096       39834.20    0.00        39834.20   
  107      2020962      1        3        422936       0.28   8        0        64548       52867.00    0.00        52867.00   
  108      2816768      1        2        500788       0.34   10       0        64282       50078.80    0.00        50078.80   
  109      2816526      1        13       513266       0.35   10       0        64218       51326.60    0.00        51326.60   
  110      2806132      1        3        394646       0.27   8        0        64030       49330.75    0.00        49330.75   
  111      2014133      1        4        637644       0.43   15       0        63982       42509.60    0.00        42509.60   
  112      2017707      1        4        63840        0.04   1        0        63840       63840.00    0.00        63840.00   
  113      2018981      1        4        490172       0.33   10       0        63796       49017.20    0.00        49017.20   
  114      2816924      1        4        494112       0.33   10       0        63700       49411.20    0.00        49411.20   
  115      2828190      1        2        417182       0.28   8        0        63584       52147.75    0.00        52147.75   
  116      2826432      1        2        324086       0.22   8        0        63554       40510.75    0.00        40510.75   
  117      2022197      1        3        713078       0.48   15       0        63460       47538.53    0.00        47538.53   
  118      2017613      1        9        519116       0.35   10       0        63110       51911.60    0.00        51911.60   
  119      2806959      1        2        543066       0.37   15       0        63024       36204.40    0.00        36204.40   
  120      2816925      1        3        499928       0.34   10       0        62806       49992.80    0.00        49992.80   
  121      2819673      1        4        489660       0.33   10       0        62750       48966.00    0.00        48966.00   
  122      2815156      1        2        402258       0.27   8        0        62472       50282.25    0.00        50282.25   
  123      2809511      1        4        885728       0.60   18       0        62216       49207.11    0.00        49207.11   
  124      2020964      1        2        401918       0.27   8        0        62002       50239.75    0.00        50239.75   
  125      2827279      1        5        8

This file has been truncated. Go here to download in full.


packet_stats.log - (19047 bytes) - download
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           333         37567686      383147466     224129659         74.6b   59.80
 IPv4      17           187          7530320      375843950     221994076         41.5b   33.26
 IPv6       6             1        188284792      188284792     188284792        188.3m    0.15
 IPv6      17            25          9589248      374088448     228461637          5.7b    4.58
 IPv6      58            14        110645360      318453920     196505980          2.8b    2.20
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           333           116152       10167360        880201        293.1m   71.97
TMM_FLOWWORKER              IPv4      17           187           261606       15662350        519593         97.2m   23.86
TMM_RECEIVEPCAPFILE         IPv4       6           333             4426          23296          4920          1.6m    0.40
TMM_RECEIVEPCAPFILE         IPv4      17           187             4488          14938          5230        978.0k    0.24
TMM_DECODEPCAPFILE          IPv4       6           333             4540          24892          4917          1.6m    0.40
TMM_DECODEPCAPFILE          IPv4      17           187             4592          48248          5046        943.7k    0.23
TMM_FLOWWORKER              IPv6       6             1           232098         232098        232098        232.1k    0.06
TMM_FLOWWORKER              IPv6      17            25           296252         547052        356122          8.9m    2.19
TMM_FLOWWORKER              IPv6      58            14           135186         216174        158688          2.2m    0.55
TMM_RECEIVEPCAPFILE         IPv6       6             1             4774           4774          4774          4.8k    0.00
TMM_RECEIVEPCAPFILE         IPv6      17            25             4820           5664          5063        126.6k    0.03
TMM_RECEIVEPCAPFILE         IPv6      58            14             4502           4990          4796         67.1k    0.02
TMM_DECODEPCAPFILE          IPv6       6             1             5354           5354          5354          5.4k    0.00
TMM_DECODEPCAPFILE          IPv6      17            25             4646          25828          5753        143.8k    0.04
TMM_DECODEPCAPFILE          IPv6      58            14             4664          16818          5826         81.6k    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           333             4746          43518          6111          2.0m  0.56  
flow                    IPv4      17           187             4756          44920          7300          1.4m  0.38  
stream                  IPv4       6           333             5200         493812         36821         12.3m  3.39  
app-layer               IPv4      17           187             4412          63838          8589          1.6m  0.44  
detect                  IPv4       6           333            77810        9418414        769605        256.3m  70.94 
detect                  IPv4      17           187           233328       11090662        402510         75.3m  20.84 
tcp-prune               IPv4       6           333             4444          24140          5422          1.8m  0.50  
flow                    IPv6       6             1             6236           6236          6236          6.2k  0.00  
flow                    IPv6      17            25             4754          30860          8016        200.4k  0.06  
flow                    IPv6      58            14             5824           9696          6892         96.5k  0.03  
stream                  IPv6       6             1             5824           5824          5824          5.8k  0.00  
app-layer               IPv6      17            25             4440          20934          8420        210.5k  0.06  
detect                  IPv6       6             1           186342         186342        186342        186.3k  0.05  
detect                  IPv6      17            25           266850         494244        319621          8.0m  2.21  
detect                  IPv6      58            14           114422         188140        137232          1.9m  0.53  
tcp-prune               IPv6       6             1             6456           6456          6456          6.5k  0.00  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6            23             5962          47906         18916        435.1k  51.82 
http                    IPv4      17            27             5962          66780         12291        331.9k  39.52 
dns                     IPv4      17             2            12176          26600         19388         38.8k  4.62  
http                    IPv6      17             3             7228          19468         11308         33.9k  4.04  
Proto detect            IPv4      17            43             4666          45850          9696        416.9k
Proto detect            IPv6      17             5             4742           8632          6289         31.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             5            69634         158528         93903        469.5k  1.80  
LOGGER_UNIFIED2             IPv4       6             5            52360         161668         79916        399.6k  1.53  
LOGGER_JSON_ALERT           IPv4       6             5            80118         118978         98874        494.4k  1.90  
LOGGER_JSON_DNS             IPv4      17             2           161326       14783548       7472437         14.9m  57.34 
LOGGER_JSON_HTTP            IPv4       6            33            46386         225014        104181          3.4m  13.19 
LOGGER_JSON_FILE            IPv4       6            58            56066         243948        108925          6.3m  24.24 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           180             4512        6176240         95355        17.2m  28.31 
payload                           IPv4      17           187             7792         282264         37241         7.0m  11.48 
stream                            IPv4       6           180             4436         793010         95480        17.2m  28.34 
http_uri                          IPv4       6            33            14456          57632         25955       856.5k  1.41  
http_request_line                 IPv4       6            33             9248          13222         10888       359.3k  0.59  
http_client_body                  IPv4       6            46             4538         548670         71787         3.3m  5.45  
http_header (request)             IPv4       6            33            63552         198054        108867         3.6m  5.92  
http_header (request trailer)     IPv4       6            33             4484          19744          5186       171.2k  0.28  
http_header_names (request)       IPv4       6            33            25958          70100         34196         1.1m  1.86  
http_accept (request)             IPv4       6            33             5304          21300          6445       212.7k  0.35  
http_referer (request)            IPv4       6            33             5012          27752          8399       277.2k  0.46  
http_content_len (request)        IPv4       6            33             5096           9576          7158       236.2k  0.39  
http_content_type (request)       IPv4       6            33             7696          58280         14541       479.9k  0.79  
http_protocol (request)           IPv4       6            33             7200          24006          8612       284.2k  0.47  
http_start (request)              IPv4       6            33            16834          36856         21997       725.9k  1.20  
http_raw_header (request)         IPv4       6            46             7224         115454         20281       932.9k  1.54  
http_method                       IPv4       6            33             8282          25738          9981       329.4k  0.54  
http_cookie (request)             IPv4       6            33             4936           7362          5552       183.2k  0.30  
http_raw_uri                      IPv4       6            33             6504          11774          8687       286.7k  0.47  
http_user_agent                   IPv4       6            33             9490          63066         23493       775.3k  1.28  
http_host                         IPv4       6            33             6506          22902         11318       373.5k  0.62  
dns_query                         IPv4      17             1            28454          28454         28454        28.5k  0.05  
http_response_line                IPv4       6            33             7434          30196         11554       381.3k  0.63  
http_header (response)            IPv4       6            33            30234          87408         50056         1.7m  2.72  
http_header (response trailer)    IPv4       6            33             4484          21086          5310       175.3k  0.29  
http_content_type (response)      IPv4       6            33            10056          28650         12640       417.1k  0.69  
http_raw_header (response)        IPv4       6            48             7038          33242         12899       619.2k  1.02  
http_cookie (response)            IPv4       6            33             4884           7068          5414       178.7k  0.29  
http_stat_code                    IPv4       6            33             5696          29742          9183       303.1k  0.50  
file_data (http response)         IPv4       6            15             5574           9592          6173        92.6k  0.15  
Total                             IPv4                  1429                                         41756        59.7m
payload                           IPv6      17            25            14654         116794         33442       836.1k  1.38  
payload                           IPv6      58            14             4764          26972          9428       132.0k  0.22  
Total                             IPv6                    39                                         24822       968.1k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            47            14114         178076         52800          2.5m  0.54  
PROF_DETECT_IPONLY          IPv4      17            43            41840         247144         67204          2.9m  0.63  
PROF_DETECT_RULES           IPv4       6           333             4456        6001434        458218        152.6m  33.39 
PROF_DETECT_RULES           IPv4      17           187           129726       10739748        238816         44.7m  9.77  
PROF_DETECT_STATEFUL_START    IPv4       6           135             8904        3170394        490506         66.2m  14.49 
PROF_DETECT_STATEFUL_CONT    IPv4       6           333             4406         107924         10680          3.6m  0.78  
PROF_DETECT_STATEFUL_CONT    IPv4      17           187             4390          52104          5526          1.0m  0.23  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           224             4470          34280          5183          1.2m  0.25  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             5454           7682          6568         13.1k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           333            13470        6384632        211725         70.5m  15.43 
PROF_DETECT_PREFILTER       IPv4      17           187            44684         330324         77884         14.6m  3.19  
PROF_DETECT_PF_PAYLOAD      IPv4       6           180            42666        6197222        206180         37.1m  8.12  
PROF_DETECT_PF_PAYLOAD      IPv4      17           187            17140         292564         46742          8.7m  1.91  
PROF_DETECT_PF_TX           IPv4       6           224             4498         653272        107601         24.1m  5.27  
PROF_DETECT_PF_TX           IPv4      17             1            38434          38434         38434         38.4k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           150             4522          53988          7918          1.2m  0.26  
PROF_DETECT_PF_SORT1        IPv4      17           187             4744          21358          5361          1.0m  0.22  
PROF_DETECT_PF_SORT2        IPv4       6           333             4430          34794          5822          1.9m  0.42  
PROF_DETECT_PF_SORT2        IPv4      17           187             4478          26286          4991        933.5k  0.20  
PROF_DETECT_NONMPMLIST      IPv4       6           333             4428          30378          5321          1.8m  0.39  
PROF_DETECT_NONMPMLIST      IPv4      17           187             4418          22920          5478          1.0m  0.22  
PROF_DETECT_ALERT           IPv4       6           333             4406          32164          5208          1.7m  0.38  
PROF_DETECT_ALERT           IPv4      17           187             4414          23004          4999        934.9k  0.20  
PROF_DETECT_CLEANUP         IPv4       6           333             4454          39366          5573          1.9m  0.41  
PROF_DETECT_CLEANUP         IPv4      17           187             4408          20664          4986        932.5k  0.20  
PROF_DETECT_GETSGH          IPv4       6           333             4418         116138          7703          2.6m  0.56  
PROF_DETECT_GETSGH          IPv4      17           187             4402          56110          7608          1.4m  0.31  
PROF_DETECT_IPONLY          IPv6       6             1             8586           8586          8586          8.6k  0.00  
PROF_DETECT_IPONLY          IPv6      17             5             4930          29036         11197         56.0k  0.01  
PROF_DETECT_IPONLY          IPv6      58            14             4896          21788          9251        129.5k  0.03  
PROF_DETECT_RULES           IPv6       6             1             5242           5242          5242          5.2k  0.00  
PROF_DETECT_RULES           IPv6      17            25           147676         237848        176316          4.4m  0.96  
PROF_DETECT_RULES           IPv6      58            14             4424          21358          6515         91.2k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv6       6             1             5862           5862          5862          5.9k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv6      17            25             4428           7140          4855        121.4k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv6      58   



stats.log - (3528 bytes) - download
------------------------------------------------------------------------------------
Date: 9/16/2019 -- 08:46:50 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 628
decoder.bytes                              | Total                     | 380809
decoder.ipv4                               | Total                     | 520
decoder.ipv6                               | Total                     | 40
decoder.ethernet                           | Total                     | 628
decoder.tcp                                | Total                     | 334
decoder.udp                                | Total                     | 212
decoder.icmpv6                             | Total                     | 14
decoder.avg_pkt_size                       | Total                     | 606
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 25
flow.udp                                   | Total                     | 47
flow.icmpv6                                | Total                     | 14
tcp.sessions                               | Total                     | 23
tcp.syn                                    | Total                     | 24
tcp.synack                                 | Total                     | 23
tcp.rst                                    | Total                     | 3
detect.alert                               | Total                     | 5
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 23
app_layer.tx.http                          | Total                     | 33
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 46
flow_mgr.closed_pruned                     | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 36
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 81
flow_mgr.flows_notimeout                   | Total                     | 43
flow_mgr.flows_timeout                     | Total                     | 38
flow_mgr.flows_removed                     | Total                     | 38
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65458
flow_mgr.rows_empty                        | Total                     | 1
flow_mgr.rows_maxlen                       | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7097920


eve.json - (52174 bytes) - download
{"timestamp":"2019-09-16T08:38:30.430465+0000","flow_id":798416334918017,"pcap_cnt":15,"event_type":"dns","src_ip":"192.168.240.16","src_port":62867,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":42841,"rrname":"smalldeal.mypressonline.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-16T08:38:30.478473+0000","flow_id":798416334918017,"pcap_cnt":16,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.240.16","dest_port":62867,"proto":"UDP","dns":{"type":"answer","id":42841,"rcode":"NOERROR","rrname":"smalldeal.mypressonline.com","rrtype":"A","ttl":3599,"rdata":"185.176.43.96"}}
{"timestamp":"2019-09-16T08:38:31.336740+0000","flow_id":1883733095789252,"pcap_cnt":42,"event_type":"http","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-16T08:38:31.336740+0000","flow_id":1883733095789252,"pcap_cnt":42,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"loves111_mfF0ject6L","gaps":false,"state":"CLOSED","stored":false,"size":17549,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:31.609735+0000","flow_id":1883733095789252,"pcap_cnt":44,"event_type":"fileinfo","src_ip":"185.176.43.96","src_port":80,"dest_ip":"192.168.240.16","dest_port":49470,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"\/post\/post.php","gaps":false,"state":"CLOSED","stored":false,"size":122,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:31.609821+0000","flow_id":1883733095789252,"pcap_cnt":45,"event_type":"alert","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2829548,"rev":2,"signature":"ETPRO TROJAN W32\/Kimsuky Sending Encrypted System Information to CnC","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-16T08:38:31.609821+0000","flow_id":1883733095789252,"pcap_cnt":45,"event_type":"http","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-16T08:38:31.609821+0000","flow_id":1883733095789252,"pcap_cnt":45,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"loves111_mfF0ject6L","gaps":false,"state":"CLOSED","stored":false,"size":6,"tx_id":1}}
{"timestamp":"2019-09-16T08:38:31.763659+0000","flow_id":1883733095789252,"pcap_cnt":47,"event_type":"fileinfo","src_ip":"185.176.43.96","src_port":80,"dest_ip":"192.168.240.16","dest_port":49470,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"\/post\/post.php","gaps":false,"state":"CLOSED","stored":false,"size":122,"tx_id":1}}
{"timestamp":"2019-09-16T08:38:31.763724+0000","flow_id":1883733095789252,"pcap_cnt":48,"event_type":"http","src_ip":"192.168.240.16","src_port":49470,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/download.php?filename=loves111","http_user_agent":"Mozilla\/5.0","http_content_type":"text\/html"}}
{"timestamp":"2019-09-16T08:38:35.534037+0000","flow_id":1883733095789252,"pcap_cnt":49,"event_type":"fileinfo","src_ip":"185.176.43.96","src_port":80,"dest_ip":"192.168.240.16","dest_port":49470,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/download.php?filename=loves111","http_user_agent":"Mozilla\/5.0","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"\/post\/download.php","gaps":false,"state":"CLOSED","stored":false,"size":122,"tx_id":2}}
{"timestamp":"2019-09-16T08:38:36.366794+0000","flow_id":74890439593426,"pcap_cnt":63,"event_type":"fileinfo","src_ip":"192.168.240.248","src_port":49358,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:36.366929+0000","flow_id":74890439593426,"pcap_cnt":65,"event_type":"http","src_ip":"192.168.240.248","src_port":49358,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-16T08:38:36.367991+0000","flow_id":74890439593426,"pcap_cnt":67,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.248","dest_port":49358,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.502298+0000","flow_id":943055801590442,"pcap_cnt":91,"event_type":"fileinfo","src_ip":"192.168.240.218","src_port":49401,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.502714+0000","flow_id":943055801590442,"pcap_cnt":93,"event_type":"http","src_ip":"192.168.240.218","src_port":49401,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-16T08:38:38.504087+0000","flow_id":943055801590442,"pcap_cnt":95,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.218","dest_port":49401,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.751918+0000","flow_id":742869523394220,"pcap_cnt":121,"event_type":"fileinfo","src_ip":"192.168.240.25","src_port":49290,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.752396+0000","flow_id":742869523394220,"pcap_cnt":123,"event_type":"http","src_ip":"192.168.240.25","src_port":49290,"dest_ip":"192.168.240.16","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-16T08:38:38.754037+0000","flow_id":742869523394220,"pcap_cnt":125,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":5357,"dest_ip":"192.168.240.25","dest_port":49290,"proto":"TCP","http":{"hostname":"192.168.240.16","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.797531+0000","flow_id":483910912714079,"pcap_cnt":154,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49471,"dest_ip":"192.168.240.210","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.210","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:38.797873+0000","flow_id":483910912714079,"pcap_cnt":156,"event_type":"http","src_ip":"192.168.240.16","src_port":49471,"dest_ip":"192.168.240.210","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.210","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-16T08:38:38.799208+0000","flow_id":483910912714079,"pcap_cnt":159,"event_type":"fileinfo","src_ip":"192.168.240.210","src_port":5357,"dest_ip":"192.168.240.16","dest_port":49471,"proto":"TCP","http":{"hostname":"192.168.240.210","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:40.741504+0000","flow_id":1842400478687088,"pcap_cnt":204,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49472,"dest_ip":"192.168.240.223","dest_port":5357,"proto":"TCP","http":{"hostname":"192.168.240.223","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":2758},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":733,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:40.741680+0000","flow_id":1842400478687088,"pcap_cnt":206,"event_type":"http","src_ip":"192.168.240.16","src_port":49472,"dest_ip":"192.168.240.223","dest_port":5357,"proto":"TCP","tx_id":0,"http":{"hostname":"192.168.240.223","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml"}}
{"timestamp":"2019-09-16T08:38:40.742522+0000","flow_id":1842400478687088,"pcap_cnt":208,"event_type":"fileinfo","src_ip":"192.168.240.223","src_port":5357,"dest_ip":"192.168.240.16","dest_port":49472,"proto":"TCP","http":{"hostname":"192.168.240.223","url":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","http_user_agent":"WSDAPI","http_content_type":"application\/soap+xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":3999},"app_proto":"http","fileinfo":{"filename":"\/733c94c5-cebb-4f98-a75f-22a797d1d50b\/","gaps":false,"state":"CLOSED","stored":false,"size":3999,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:50.427105+0000","flow_id":287959473316881,"pcap_cnt":250,"event_type":"http","src_ip":"192.168.240.16","src_port":49473,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-16T08:38:50.427105+0000","flow_id":287959473316881,"pcap_cnt":250,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49473,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"loves111_mfF0ject6L","gaps":false,"state":"CLOSED","stored":false,"size":189,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:50.732243+0000","flow_id":287959473316881,"pcap_cnt":252,"event_type":"fileinfo","src_ip":"185.176.43.96","src_port":80,"dest_ip":"192.168.240.16","dest_port":49473,"proto":"TCP","http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html","http_refer":"http:\/\/smalldeal.mypressonline.com\/post\/post.php","http_method":"POST","protocol":"HTTP\/1.1","status":403,"length":122},"app_proto":"http","fileinfo":{"filename":"\/post\/post.php","gaps":false,"state":"CLOSED","stored":false,"size":122,"tx_id":0}}
{"timestamp":"2019-09-16T08:38:50.732317+0000","flow_id":287959473316881,"pcap_cnt":253,"event_type":"alert","src_ip":"192.168.240.16","src_port":49473,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2829548,"rev":2,"signature":"ETPRO TROJAN W32\/Kimsuky Sending Encrypted System Information to CnC","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-16T08:38:50.732317+0000","flow_id":287959473316881,"pcap_cnt":253,"event_type":"http","src_ip":"192.168.240.16","src_port":49473,"dest_ip":"185.176.43.96","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"smalldeal.mypressonline.com","url":"\/post\/post.php","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; .NET CLR 1.1.4322)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-16T08:38:50.732317+0000","flow_id":287959473316881,"pcap_cnt":253,"event_type":"fileinfo","src_ip":"192.168.240.16","src_port":49473,"dest_ip":"185.176.43.96","dest_port":8



suricata-4.0.0-etpro-all-alert-2019-09-16-T-08-46-50-09162019.0846-network.pcap.txt - (1150 bytes) - download
09/16/2019-08:38:31.609821  [**] [1:2829548:2] ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49470 -> 185.176.43.96:80
09/16/2019-08:38:50.732317  [**] [1:2829548:2] ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49473 -> 185.176.43.96:80
09/16/2019-08:39:48.951953  [**] [1:2829548:2] ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49476 -> 185.176.43.96:80
09/16/2019-08:40:27.840799  [**] [1:2829548:2] ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49480 -> 185.176.43.96:80
09/16/2019-08:40:47.722854  [**] [1:2829548:2] ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.240.16:49483 -> 185.176.43.96:80


keyword_perf.log - (12346 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/16/2019 -- 08:46:50
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            65512           10              10              13808           6551.00         6551.00         0.00           
  flow             13870556        2317            2317            406022          5986.00         5986.00         0.00           
  content          24830306        3747            2111            84552           6626.00         6775.00         6435.00        
  pcre             4745676         514             149             71294           9232.00         8848.00         9389.00        
  byte_test        79420           10              4               26494           7942.00         12140.00        5143.00        
  byte_jump        103004          18              0               16048           5722.00         0.00            5722.00        
  isdataat         4764            1               0               4764            4764.00         0.00            4764.00        
  flowbits         528726          85              25              21256           6220.00         8005.00         5476.00        
  urilen           3003860         532             155             33664           5646.00         5821.00         5574.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dsize            65512           10              10              13808           6551.00         6551.00         0.00           
  flow             13870556        2317            2317            406022          5986.00         5986.00         0.00           
  flowbits         436026          75              15              21256           5813.00         7162.00         5476.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2780110         440             191             32982           6318.00         7158.00         5673.00        
  pcre             33888           1               0               33888           33888.00        0.00            33888.00       
  byte_test        79420           10              4               26494           7942.00         12140.00        5143.00        
  byte_jump        103004          18              0               16048           5722.00         0.00            5722.00        
  isdataat         4764            1               0               4764            4764.00         0.00            4764.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         92700           10              10              16802           9270.00         9270.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5593930         864             576             38074           6474.00         6542.00         6338.00        
  pcre             3160752         355             94              49260           8903.00         8161.00         9170.00        
  urilen           3003860         532             155             33664           5646.00         5821.00         5574.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2775336         351             110             76240           7906.00         8098.00         7819.00        
  pcre             96726           10              5               37962           9672.00         6600.00         12745.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          124100          15              0               43986           8273.00         0.00            8273.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8816000         1294            799             84552           6812.00         6932.00         6619.00        
  pcre             1218180         118             30              71294           10323.00        11808.00        9817.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          848446          140             67              8358            6060.00         6107.00         6017.00        
  pcre             72154           10              0               14846           7215.00         0.00            7215.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_connection
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          76392           15              0               5618            5092.00         0.00            5092.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          262680          44              44              10050           5970.00         5970.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1742532         294             176             27074           5926.00         6081.00         5696.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1576376         254             148             22280           6206.00         6717.00         5491.00        
  pcre             163976          20              20              15790           8198.00         8198.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          234404          36              0               42162           6511.00         0.00            6511.00        


IDSDeathBlossom.py.log - (1146 bytes) - download
2019-09-16 08:46:22,224 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-16 08:46:23,044 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-16 08:46:23,044 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-16 08:46:23,045 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-16 08:46:23,045 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-16 08:46:23,045 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ed82d931b8b865b1f7c5c1a66316e69d56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.0846-network.pcap -vvv -k none
2019-09-16 08:46:50,526 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-16 08:46:50,527 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 28.312114954


suricata-report-2019-09-16-T-08-46-50-09162019.0846-network.pcap.txt - (17650 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ed82d931b8b865b1f7c5c1a66316e69d56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09162019.0846-network.pcap -vvv -k none
elapsedtime:27.477631
stderr:
stdout:
16/9/2019 -- 08:46:23 - <Info> - Configuration node 'rule-files' redefined.
16/9/2019 -- 08:46:23 - <Notice> - This is Suricata version 4.0.0 RELEASE
16/9/2019 -- 08:46:23 - <Info> - CPUs/cores online: 1
16/9/2019 -- 08:46:23 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31989 and 'request-body-inspect-window' set to 16351 after randomization.
16/9/2019 -- 08:46:23 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33475 and 'response-body-inspect-window' set to 16311 after randomization.
16/9/2019 -- 08:46:23 - <Config> - DNS request flood protection level: 500
16/9/2019 -- 08:46:23 - <Config> - DNS per flow memcap (state-memcap): 524288
16/9/2019 -- 08:46:23 - <Config> - DNS global memcap: 16777216
16/9/2019 -- 08:46:23 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
16/9/2019 -- 08:46:23 - <Config> - preallocated 1000 hosts of size 136
16/9/2019 -- 08:46:23 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
16/9/2019 -- 08:46:23 - <Config> - using magic-file /usr/share/file/magic
16/9/2019 -- 08:46:23 - <Config> - Core dump size is unlimited.
16/9/2019 -- 08:46:23 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
16/9/2019 -- 08:46:23 - <Config> - preallocated 1000 defrag trackers of size 168
16/9/2019 -- 08:46:23 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
16/9/2019 -- 08:46:23 - <Config> - stream "prealloc-sessions": 2048 (per thread)
16/9/2019 -- 08:46:23 - <Config> - stream "memcap": 33554432
16/9/2019 -- 08:46:23 - <Config> - stream "midstream" session pickups: disabled
16/9/2019 -- 08:46:23 - <Config> - stream "async-oneside": disabled
16/9/2019 -- 08:46:23 - <Config> - stream "checksum-validation": disabled
16/9/2019 -- 08:46:23 - <Config> - stream."inline": disabled
16/9/2019 -- 08:46:23 - <Config> - stream "bypass": disabled
16/9/2019 -- 08:46:23 - <Config> - stream "max-synack-queued": 5
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly "memcap": 134217728
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly "depth": 0
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly "toserver-chunk-size": 2667
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly "toclient-chunk-size": 2655
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly.raw: enabled
16/9/2019 -- 08:46:23 - <Config> - stream.reassembly "segment-prealloc": 2048
16/9/2019 -- 08:46:23 - <Config> - Delayed detect disabled
16/9/2019 -- 08:46:23 - <Config> - pattern matchers: MPM: ac, SPM: bm
16/9/2019 -- 08:46:23 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
16/9/2019 -- 08:46:23 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
16/9/2019 -- 08:46:23 - <Config> - prefilter engines: MPM
16/9/2019 -- 08:46:23 - <Config> - IP reputation disabled
16/9/2019 -- 08:46:23 - <Perf> - Registered 148 keyword profiling counters.
16/9/2019 -- 08:46:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
16/9/2019 -- 08:46:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
16/9/2019 -- 08:46:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
16/9/2019 -- 08:46:28 - <Config> - No rules loaded from ET-icmp.rules.
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
16/9/2019 -- 08:46:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
16/9/2019 -- 08:46:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
16/9/2019 -- 08:46:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
16/9/2019 -- 08:46:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
16/9/2019 -- 08:46:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
16/9/2019 -- 08:46:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
16/9/2019 -- 08:46:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
16/9/2019 -- 08:46:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
16/9/2019 -- 08:46:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
16/9/2019 -- 08:46:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
16/9/2019 -- 08:46:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
16/9/2019 -- 08:46:35 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
16/9/2019 -- 08:46:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
16/9/2019 -- 08:46:36 - <Config> - No rules loaded from local.rules.
16/9/2019 -- 08:46:36 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
16/9/2019 -- 08:46:37 - <Info> - Threshold config parsed: 0 rule(s) found
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tcp-packet
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tcp-stream
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for udp-packet
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for other-ip
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_uri
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_client_body
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_header
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_header_names
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_accept
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_accept_enc
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_accept_lang
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_referer
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_connection
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_content_len
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_content_type
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_protocol
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_start
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_raw_header
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_method
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_cookie
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_raw_uri
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_user_agent
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_host
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_raw_host
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_stat_msg
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_stat_code
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for dns_query
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tls_sni
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tls_cert_issuer
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tls_cert_subject
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for tls_cert_serial
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for dce_stub_data
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for ssh_protocol
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for ssh_software
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for file_data
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_request_line
16/9/2019 -- 08:46:37 - <Perf> - using shared mpm ctx' for http_response_line
16/9/2019 -- 08:46:37 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
16/9/2019 -- 08:46:37 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
16/9/2019 -- 08:46:37 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
16/9/2019 -- 08:46:37 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
16/9/2019 -- 08:46:38 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
16/9/2019 -- 08:46:38 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
16/9/2019 -- 08:46:38 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
16/9/2019 -- 08:46:38 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
16/9/2019 -- 08:46:46 - <Perf> - Unique rule groups: 104
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toserver TCP packet": 35
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toclient TCP packet": 17
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toserver TCP stream": 33
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toclient TCP stream": 19
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toserver UDP packet": 27
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "toclient UDP packet": 17
16/9/2019 -- 08:46:46 - <Perf> - Builtin MPM "other IP packet": 3
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_uri": 14
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_request_line": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_client_body": 6
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_response_line": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_header": 10
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_header": 6
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_header_names": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_accept": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_referer": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_content_len": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_content_type": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_content_type": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_protocol": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_start": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_method": 5
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_cookie": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_cookie": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver http_host": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver dns_query": 4
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver tls_sni": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toserver file_data": 1
16/9/2019 -- 08:46:46 - <Perf> - AppLayer MPM "toclient file_data": 7
16/9/2019 -- 08:46:48 - <Perf> - Registered 39590 rule profiling counters.
16/9/2019 -- 08:46:48 - <Info> - fast output device (regular) initialized: alert
16/9/2019 -- 08:46:48 - <Info> - eve-log output device (regular) initialized: eve.json
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'alert'
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'http'
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'dns'
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'tls'
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'files'
16/9/2019 -- 08:46:48 - <Config> - enabling 'eve-log' module 'ssh'
16/9/2019 -- 08:46:48 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
16/9/2019 -- 08:46:48 - <Info> - stats output device (regular) initialized: stats.log
16/9/2019 -- 08:46:48 - <Config> - AutoFP mode using "Hash" flow load balancer
16/9/2019 -- 08:46:48 - <Info> - reading pcap file /var/pcap/09162019.0846-network.pcap
16/9/2019 -- 08:46:48 - <Config> - using 1 flow manager threads
16/9/2019 -- 08:46:48 - <Config
