Filename: 40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24259a125f20d5b.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 25.2578477859 seconds
Hash: f08e79c3551b47391447436f33975a3c
Uploaded: 1557847980

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-05-14-T-15-33-25-05142019.1533-40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24259a125f20d5b.pcap.txt - (29014 bytes)
  --------------------------------------------------------------------------
  Date: 5/14/2019 -- 15:33:25. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        1353267      4.38   6        0        1074211     225544.50   0.00        225544.50  
  2        2023624      1        3        678738       2.19   98       0        404210      6925.90     0.00        6925.90    
  3        2010143      1        3        978509       3.16   130      0        386664      7526.99     0.00        7526.99    
  4        2023627      1        3        443818       1.44   76       0        244660      5839.71     0.00        5839.71    
  5        2019002      1        1        435921       1.41   4        0        129421      108980.25   0.00        108980.25  
  6        2828123      1        2        216931       0.70   4        0        112432      54232.75    0.00        54232.75   
  7        2816525      1        10       199052       0.64   4        0        103954      49763.00    0.00        49763.00   
  8        2816909      1        2        284289       0.92   4        0        103013      71072.25    0.00        71072.25   
  9        2820696      1        2        233835       0.76   4        0        102291      58458.75    0.00        58458.75   
  10       2821471      1        2        261415       0.85   4        0        90262       65353.75    0.00        65353.75   
  11       2024133      1        2        198185       0.64   4        0        88582       49546.25    0.00        49546.25   
  12       2009702      1        5        734554       2.38   57       0        87812       12886.91    0.00        12886.91   
  13       2022914      1        1        155912       0.50   6        0        87558       25985.33    0.00        25985.33   
  14       2816910      1        2        246293       0.80   4        0        75668       61573.25    0.00        61573.25   
  15       2812433      1        2        197331       0.64   4        0        72705       49332.75    0.00        49332.75   
  16       2024848      1        2        239475       0.77   4        0        71220       59868.75    0.00        59868.75   
  17       2814883      1        3        203862       0.66   4        0        70662       50965.50    0.00        50965.50   
  18       2017261      1        3        213446       0.69   4        0        64136       53361.50    0.00        53361.50   
  19       2816940      1        2        226044       0.73   4        0        63512       56511.00    0.00        56511.00   
  20       2809363      1        3        219722       0.71   4        0        62173       54930.50    0.00        54930.50   
  21       2807970      1        8        189486       0.61   4        0        61716       47371.50    0.00        47371.50   
  22       2023613      1        3        219955       0.71   60       0        61524       3665.92     0.00        3665.92    
  23       2024136      1        2        160818       0.52   4        0        60283       40204.50    0.00        40204.50   
  24       2024142      1        2        159902       0.52   4        0        59495       39975.50    0.00        39975.50   
  25       2019094      1        5        231013       0.75   8        0        59405       28876.62    0.00        28876.62   
  26       2022901      1        2        189669       0.61   4        0        57095       47417.25    0.00        47417.25   
  27       2024025      1        2        120895       0.39   4        0        56296       30223.75    0.00        30223.75   
  28       2821569      1        7        157635       0.51   4        0        55233       39408.75    0.00        39408.75   
  29       2021418      1        9        181352       0.59   4        0        54953       45338.00    0.00        45338.00   
  30       2017259      1        12       201919       0.65   4        0        52000       50479.75    0.00        50479.75   
  31       2023583      1        4        152228       0.49   4        0        51692       38057.00    0.00        38057.00   
  32       2024138      1        2        165985       0.54   4        0        51422       41496.25    0.00        41496.25   
  33       2024137      1        2        150735       0.49   4        0        50184       37683.75    0.00        37683.75   
  34       2024139      1        2        147248       0.48   4        0        49892       36812.00    0.00        36812.00   
  35       2819993      1        2        209731       0.68   8        0        49650       26216.38    0.00        26216.38   
  36       2016537      1        2        183631       0.59   8        0        49611       22953.88    0.00        22953.88   
  37       2810991      1        4        196305       0.63   4        0        49480       49076.25    0.00        49076.25   
  38       2018359      1        3        162983       0.53   4        0        49359       40745.75    0.00        40745.75   
  39       2020181      1        8        157550       0.51   4        0        48998       39387.50    0.00        39387.50   
  40       2025180      1        1        158622       0.51   4        0        48746       39655.50    0.00        39655.50   
  41       2827505      1        2        175341       0.57   4        0        48370       43835.25    0.00        43835.25   
  42       2816924      1        4        150581       0.49   4        0        48221       37645.25    0.00        37645.25   
  43       2021413      1        2        153085       0.50   4        0        45743       38271.25    0.00        38271.25   
  44       2816526      1        13       138042       0.45   4        0        45223       34510.50    0.00        34510.50   
  45       2024513      1        5        54763        0.18   4        0        44857       13690.75    0.00        13690.75   
  46       2025064      1        5        139712       0.45   4        0        44732       34928.00    0.00        34928.00   
  47       2830574      1        1        111339       0.36   4        0        44645       27834.75    0.00        27834.75   
  48       2804626      1        9        111206       0.36   4        0        44053       27801.50    0.00        27801.50   
  49       2815568      1        2        129128       0.42   4        0        43957       32282.00    0.00        32282.00   
  50       2809601      1        3        131965       0.43   4        0        43124       32991.25    0.00        32991.25   
  51       2014703      1        9        485639       1.57   57       0        43044       8519.98     0.00        8519.98    
  52       2816927      1        3        124329       0.40   4        0        43017       31082.25    0.00        31082.25   
  53       2816930      1        4        120856       0.39   4        0        42572       30214.00    0.00        30214.00   
  54       2828060      1        4        136186       0.44   4        0        42408       34046.50    0.00        34046.50   
  55       2809850      1        2        259690       0.84   14       0        42365       18549.29    0.00        18549.29   
  56       2021038      1        4        127094       0.41   4        0        42358       31773.50    0.00        31773.50   
  57       2806873      1        4        133473       0.43   4        0        42213       33368.25    0.00        33368.25   
  58       2815817      1        5        147038       0.48   4        0        42118       36759.50    0.00        36759.50   
  59       2820851      1        5        144184       0.47   4        0        42094       36046.00    0.00        36046.00   
  60       2826512      1        2        108919       0.35   4        0        41872       27229.75    0.00        27229.75   
  61       2821615      1        2        126608       0.41   4        0        41767       31652.00    0.00        31652.00   
  62       2827279      1        5        129093       0.42   4        0        41577       32273.25    0.00        32273.25   
  63       2812986      1        2        146624       0.47   4        0        41048       36656.00    0.00        36656.00   
  64       2807793      1        4        133138       0.43   4        0        40562       33284.50    0.00        33284.50   
  65       2024573      1        2        149186       0.48   4        0        39015       37296.50    0.00        37296.50   
  66       2014133      1        4        103121       0.33   4        0        38454       25780.25    0.00        25780.25   
  67       2819823      1        5        137959       0.45   4        0        37545       34489.75    0.00        34489.75   
  68       2806921      1        3        103233       0.33   4        0        37304       25808.25    0.00        25808.25   
  69       2008120      1        4        416659       1.35   134      0        36828       3109.40     0.00        3109.40    
  70       2816356      1        2        141739       0.46   4        0        36670       35434.75    0.00        35434.75   
  71       2824398      1        2        142000       0.46   4        0        36592       35500.00    0.00        35500.00   
  72       2024134      1        2        135910       0.44   4        0        36565       33977.50    0.00        33977.50   
  73       2816327      1        4        128974       0.42   4        0        36300       32243.50    0.00        32243.50   
  74       2811711      1        2        103395       0.33   4        0        36276       25848.75    0.00        25848.75   
  75       2024380      1        3        122529       0.40   4        0        36197       30632.25    0.00        30632.25   
  76       2014701      1        12       678289       2.19   57       0        35952       11899.81    0.00        11899.81   
  77       2828986      1        2        126537       0.41   4        0        35643       31634.25    0.00        31634.25   
  78       2024140      1        2        138796       0.45   4        0        35572       34699.00    0.00        34699.00   
  79       2010140      1        7        685008       2.22   130      0        35536       5269.29     0.00        5269.29    
  80       2828190      1        2        101968       0.33   4        0        35415       25492.00    0.00        25492.00   
  81       2022502      1        4        97567        0.32   4        0        35053       24391.75    0.00        24391.75   
  82       2015877      1        6        126599       0.41   4        0        35051       31649.75    0.00        31649.75   
  83       2827750      1        2        99221        0.32   4        0        35033       24805.25    0.00        24805.25   
  84       2822601      1        4        101134       0.33   4        0        34790       25283.50    0.00        25283.50   
  85       2024141      1        2        135698       0.44   4        0        34780       33924.50    0.00        33924.50   
  86       2024135      1        2        135436       0.44   4        0        34535       33859.00    0.00        33859.00   
  87       2809511      1        4        135352       0.44   4        0        34167       33838.00    0.00        33838.00   
  88       2806132      1        3        121475       0.39   4        0        33553       30368.75    0.00        30368.75   
  89       2823488      1        2        128308       0.41   4        0        33552       32077.00    0.00        32077.00   
  90       2023626      1        3        334139       1.08   104      0        33366       3212.88     0.00        3212.88    
  91       2816328      1        5        120530       0.39   4        0        30759       30132.50    0.00        30132.50   
  92       2823784      1        2        189751       0.61   12       0        30660       15812.58    0.00        15812.58   
  93       2830613      1        2        118719       0.38   4        0        30585       29679.75    0.00        29679.75   
  94       2826281      1        2        424458       1.37   28       0        30135       15159.21    0.00        15159.21   
  95       2821884      1        3        102008       0.33   4        0        30034       25502.00    0.00        25502.00   
  96       2816929      1        4        111205       0.36   4        0        29802       27801.25    0.00        27801.25   
  97       2803902      1        3        107890       0.35   4        0        29574       26972.50    0.00        26972.50   
  98       2828198      1        2        115493       0.37   4        0        29566       28873.25    0.00        28873.25   
  99       2024771      1        1        113465       0.37   4        0        29462       28366.25    0.00        28366.25   
  100      2823858      1        3        113635       0.37   4        0        29266       28408.75    0.00        28408.75   
  101      2816055      1        2        113679       0.37   4        0        28847       28419.75    0.00        28419.75   
  102      2017948      1        2        158003       0.51   8        0        28823       19750.38    0.00        19750.38   
  103      2829848      1        2        112354       0.36   4        0        28774       28088.50    0.00        28088.50   
  104      2827580      1        7        113479       0.37   4        0        28658       28369.75    0.00        28369.75   
  105      2816922      1        5        109994       0.36   4        0        28490       27498.50    0.00        27498.50   
  106      2819673      1        4        110861       0.36   4        0        28301       27715.25    0.00        27715.25   
  107      2828008      1        2        110745       0.36   4        0        27972       27686.25    0.00        27686.25   
  108      2816925      1        3        108083       0.35   4        0        27475       27020.75    0.00        27020.75   
  109      2816928      1        3        107379       0.35   4        0        27435       26844.75    0.00        26844.75   
  110      2023217      1        1        105870       0.34   4        0        27317       26467.50    0.00        26467.50   
  111      2816931      1        3        106344       0.34   4        0        27238       26586.00    0.00        26586.00   
  112      2102123      1        7        102080       0.33   4        0        27223       25520.00    0.00        25520.00   
  113      2102110      1        4        38479        0.12   4        0        27105       9619.75     0.00        9619.75    
  114      2023619      1        3        70367        0.23   18       0        26634       3909.28     0.00        3909.28    
  115      2826256      1        2        92963        0.30   4        0        26590       23240.75    0.00        23240.75   
  116      2804785      1        2        93313        0.30   4        0        25219       23328.25    0.00        23328.25   
  117      2016706      1        20       92878        0.30   4        0        24921       23219.50    0.00        23219.50   
  118      2808852      1        4        90289        0.29   4        0        24877       22572.25    0.00        22572.25   
  119      2808851      1        4        87877        0.28   4        0        24454       21969.25    0.00        21969.25   
  120      2024606      1        2        90049        0.29   4        0        24355       22512.25    0.00        22512.25   
  121      2825092      1        2        86924        0.28   4        0        24007       21731.00    0.00        21731.00   
  122      2816857      1        2        88168        0.29   4        0        23991       22042.00    0.00        22042.00   
  123      2023614      1        3        191082       0.62   64       0        23602       2985.66     0.00        2985.66    
  124      2816165      1        5        89152        0.29   4        0        23108       22288.00    0.00        22288.00   
  125      2814336      1        2        8

This file has been truncated.


packet_stats.log - (15543 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             3         15639466       19628276      17294038         51.9m    0.45
 IPv4       2            14          2411049       58665288      30609567        428.5m    3.76
 IPv4       6            56         63187849      100383251      81327091          4.6b   39.93
 IPv4      17           146          2936661       91412655      43632057          6.4b   55.86
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             3            81686         141787        121016        363.0k    0.30
TMM_FLOWWORKER              IPv4       2            14            89696         406641        126024          1.8m    1.48
TMM_FLOWWORKER              IPv4       6            56            68355        3799466        622876         34.9m   29.22
TMM_FLOWWORKER              IPv4      17           146           124554       12740462        488008         71.2m   59.69
TMM_RECEIVEPCAPFILE         IPv4       1             3             2759           2802          2787          8.4k    0.01
TMM_RECEIVEPCAPFILE         IPv4       2            14             2582           3262          2851         39.9k    0.03
TMM_RECEIVEPCAPFILE         IPv4       6            56             2536           9989          3088        172.9k    0.14
TMM_RECEIVEPCAPFILE         IPv4      17           146             2545        9783688         69830         10.2m    8.54
TMM_DECODEPCAPFILE          IPv4       1             3             2990          17346          7792         23.4k    0.02
TMM_DECODEPCAPFILE          IPv4       2            14             2673          14050          3704         51.9k    0.04
TMM_DECODEPCAPFILE          IPv4       6            56             2647          12228          3138        175.7k    0.15
TMM_DECODEPCAPFILE          IPv4      17           146             2669          19239          3064        447.4k    0.37

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             3             3074           3960          3573         10.7k  0.01  
flow                    IPv4       6            56             2989           4649          3443        192.8k  0.21  
flow                    IPv4      17           146             2824          38425          4366        637.5k  0.70  
stream                  IPv4       6            56             3634         446114         28039          1.6m  1.71  
app-layer               IPv4      17           146             2523       12434132         93968         13.7m  14.97 
detect                  IPv4       1             3            69264         130207        108813        326.4k  0.36  
detect                  IPv4       2            14            84217         400191        118357          1.7m  1.81  
detect                  IPv4       6            56            45493        3758753        559393         31.3m  34.18 
detect                  IPv4      17           146           108063        1307736        287971         42.0m  45.87 
tcp-prune               IPv4       6            56             2549          12180          3186        178.4k  0.19  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4             4915          10326          6562         26.2k  7.29  
dns                     IPv4      17            66             3507          22068          5056        333.7k  92.71 
Proto detect            IPv4      17            67             2943          35593          5355        358.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17            56            27194        9560018        215668         12.1m  94.31 
LOGGER_JSON_HTTP            IPv4       6             4            81568         174556        118498        474.0k  3.70  
LOGGER_JSON_FILE            IPv4       6             4            56844          74335         63828        255.3k  1.99  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             3             9948          20023         13650        41.0k  0.51  
payload                           IPv4       6            24             2812         155354         55397         1.3m  16.58 
payload                           IPv4      17           146             3204         396698         14534         2.1m  26.46 
stream                            IPv4       6            24             2555         399811         75574         1.8m  22.62 
http_uri                          IPv4       6             4            11077          13687         12762        51.0k  0.64  
http_request_line                 IPv4       6             4             5923           8740          7423        29.7k  0.37  
http_client_body                  IPv4       6             8             2938         229952        106643       853.1k  10.64 
http_header (request)             IPv4       6             4            82712         102985         94873       379.5k  4.73  
http_header (request trailer)     IPv4       6             4             2706           2990          2863        11.5k  0.14  
http_header_names (request)       IPv4       6             4            19269          81179         37207       148.8k  1.86  
http_accept (request)             IPv4       6             4             3548           5178          4235        16.9k  0.21  
http_referer (request)            IPv4       6             4             3232           3603          3426        13.7k  0.17  
http_content_len (request)        IPv4       6             4             5128           5945          5343        21.4k  0.27  
http_content_type (request)       IPv4       6             4            11733          13348         12276        49.1k  0.61  
http_protocol (request)           IPv4       6             4             6323           9598          7842        31.4k  0.39  
http_start (request)              IPv4       6             4            12587          16665         14113        56.5k  0.70  
http_raw_header (request)         IPv4       6             8             5882          32015         13521       108.2k  1.35  
http_method                       IPv4       6             4             6745          36086         14446        57.8k  0.72  
http_cookie (request)             IPv4       6             4             3128           5336          3918        15.7k  0.20  
http_raw_uri                      IPv4       6             4             6041          20631         10092        40.4k  0.50  
http_user_agent                   IPv4       6             4            30155          61797         39508       158.0k  1.97  
http_host                         IPv4       6             4             7310          29855         13593        54.4k  0.68  
dns_query                         IPv4      17            28             3406          61628          9221       258.2k  3.22  
http_response_line                IPv4       6             4             6292           7423          6999        28.0k  0.35  
http_header (response)            IPv4       6             4            38321          60430         46158       184.6k  2.30  
http_header (response trailer)    IPv4       6             4             2594           3597          2860        11.4k  0.14  
http_content_type (response)      IPv4       6             4             7769          11589          9260        37.0k  0.46  
http_raw_header (response)        IPv4       6             4             9141          24507         13423        53.7k  0.67  
http_cookie (response)            IPv4       6             4             3483           4800          3892        15.6k  0.19  
http_stat_code                    IPv4       6             4             6428           7320          6841        27.4k  0.34  
Total                             IPv4                   333                                         24081         8.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             2            36936          37219         37077         74.2k  0.08  
PROF_DETECT_IPONLY          IPv4       2            14            37296          80426         42623        596.7k  0.67  
PROF_DETECT_IPONLY          IPv4       6             8             7723          70891         34712        277.7k  0.31  
PROF_DETECT_IPONLY          IPv4      17            69            37037         447185         50288          3.5m  3.91  
PROF_DETECT_RULES           IPv4       1             3             8154          21405         15063         45.2k  0.05  
PROF_DETECT_RULES           IPv4       2            14             2527           2864          2621         36.7k  0.04  
PROF_DETECT_RULES           IPv4       6            56             2744        3214928        372687         20.9m  23.52 
PROF_DETECT_RULES           IPv4      17           146            46278        1218769        155380         22.7m  25.57 
PROF_DETECT_STATEFUL_START    IPv4       6            16             5201        1730621        595047          9.5m  10.73 
PROF_DETECT_STATEFUL_CONT    IPv4       1             3             2511           2739          2662          8.0k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             2510           3038          2595         36.3k  0.04  
PROF_DETECT_STATEFUL_CONT    IPv4       6            56             2510          70086          9204        515.4k  0.58  
PROF_DETECT_STATEFUL_CONT    IPv4      17           146             2510         391147         10168          1.5m  1.67  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            36             2553           3311          2759         99.3k  0.11  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            56             2577           3969          2793        156.4k  0.18  
PROF_DETECT_PREFILTER       IPv4       1             3            26552          36967         32695         98.1k  0.11  
PROF_DETECT_PREFILTER       IPv4       2            14             7889          14700          9590        134.3k  0.15  
PROF_DETECT_PREFILTER       IPv4       6            56             7913         704375        130014          7.3m  8.21  
PROF_DETECT_PREFILTER       IPv4      17           146            23771         446402         46275          6.8m  7.61  
PROF_DETECT_PF_PAYLOAD      IPv4       1             3            15247          25337         18951         56.9k  0.06  
PROF_DETECT_PF_PAYLOAD      IPv4       6            24            43842         410658        139455          3.3m  3.77  
PROF_DETECT_PF_PAYLOAD      IPv4      17           146             8294         401782         20810          3.0m  3.42  
PROF_DETECT_PF_TX           IPv4       6            36             2684         361314         80421          2.9m  3.26  
PROF_DETECT_PF_TX           IPv4      17            28             8609          68512         14860        416.1k  0.47  
PROF_DETECT_PF_SORT1        IPv4       1             1             2619           2619          2619          2.6k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6            24             2789          18027          6361        152.7k  0.17  
PROF_DETECT_PF_SORT1        IPv4      17           146             2620          19054          3967        579.3k  0.65  
PROF_DETECT_PF_SORT2        IPv4       1             3             2932           3487          3182          9.5k  0.01  
PROF_DETECT_PF_SORT2        IPv4       2            14             2526           2983          2672         37.4k  0.04  
PROF_DETECT_PF_SORT2        IPv4       6            56             2536          15774          3393        190.0k  0.21  
PROF_DETECT_PF_SORT2        IPv4      17           146             2546          16023          3035        443.1k  0.50  
PROF_DETECT_NONMPMLIST      IPv4       1             3             2744           2797          2770          8.3k  0.01  
PROF_DETECT_NONMPMLIST      IPv4       2            14             2514           3182          2718         38.1k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6            56             2545          52176          4215        236.1k  0.27  
PROF_DETECT_NONMPMLIST      IPv4      17           146             2529         388070          5693        831.2k  0.94  
PROF_DETECT_ALERT           IPv4       1             3             2531           2541          2535          7.6k  0.01  
PROF_DETECT_ALERT           IPv4       2            14             2523          16673          3604         50.5k  0.06  
PROF_DETECT_ALERT           IPv4       6            56             2519           3698          2758        154.5k  0.17  
PROF_DETECT_ALERT           IPv4      17           146             2523           8027          2796        408.3k  0.46  
PROF_DETECT_CLEANUP         IPv4       1             3             2582           2634          2611          7.8k  0.01  
PROF_DETECT_CLEANUP         IPv4       2            14             2516           2916          2633         36.9k  0.04  
PROF_DETECT_CLEANUP         IPv4       6            56             2579          14762          3279        183.6k  0.21  
PROF_DETECT_CLEANUP         IPv4      17           146             2519           6384          2954        431.3k  0.49  
PROF_DETECT_GETSGH          IPv4       1             3             2785           2849          2813          8.4k  0.01  
PROF_DETECT_GETSGH          IPv4       2            14             2582           3216          2820         39.5k  0.04  
PROF_DETECT_GETSGH          IPv4       6            56             2539          20163          3845        215.4k  0.24  
PROF_DETECT_GETSGH          IPv4      17           146             2520          29288          5184        756.9k  0.85  


stats.log - (2838 bytes) - download
------------------------------------------------------------------------------------
Date: 5/14/2019 -- 15:33:25 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 247
decoder.bytes                              | Total                     | 32504
decoder.ipv4                               | Total                     | 219
decoder.ethernet                           | Total                     | 247
decoder.tcp                                | Total                     | 56
decoder.udp                                | Total                     | 146
decoder.icmpv4                             | Total                     | 3
decoder.avg_pkt_size                       | Total                     | 131
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 41
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
detect.mpm_list                            | Total                     | 13
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 14
app_layer.flow.http                        | Total                     | 4
app_layer.tx.http                          | Total                     | 4
app_layer.flow.dns_udp                     | Total                     | 28
app_layer.tx.dns_udp                       | Total                     | 28
app_layer.flow.failed_udp                  | Total                     | 13
flow.spare                                 | Total                     | 9989
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json - (23053 bytes) - download
{"timestamp":"2019-02-06T19:45:08.867407+0000","flow_id":2038602892852303,"pcap_cnt":22,"event_type":"dns","src_ip":"192.168.56.117","src_port":49266,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":15681,"rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:08.907462+0000","flow_id":1903191163984070,"pcap_cnt":23,"event_type":"dns","src_ip":"192.168.56.117","src_port":62242,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49001,"rrname":"112.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:09.062046+0000","flow_id":2038602892852303,"pcap_cnt":24,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":49266,"proto":"UDP","dns":{"type":"answer","id":15681,"rcode":"NOERROR","rrname":"b.9.d.1.8.0.5.6.0.f.9.8.1.e.1.a.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:09.091435+0000","flow_id":1903191163984070,"pcap_cnt":27,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":62242,"proto":"UDP","dns":{"type":"answer","id":49001,"rcode":"NOERROR","rrname":"112.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:10.060809+0000","flow_id":1098273490660745,"pcap_cnt":42,"event_type":"dns","src_ip":"192.168.56.117","src_port":51844,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44045,"rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:10.061971+0000","flow_id":2190734929621523,"pcap_cnt":43,"event_type":"dns","src_ip":"192.168.56.117","src_port":61230,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6721,"rrname":"107.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:10.245881+0000","flow_id":2190734929621523,"pcap_cnt":44,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":61230,"proto":"UDP","dns":{"type":"answer","id":6721,"rcode":"NOERROR","rrname":"107.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:10.258366+0000","flow_id":1098273490660745,"pcap_cnt":45,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":51844,"proto":"UDP","dns":{"type":"answer","id":44045,"rcode":"NOERROR","rrname":"d.8.1.f.9.a.f.a.0.9.2.1.c.3.9.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:17.927520+0000","flow_id":1929858616469280,"pcap_cnt":126,"event_type":"dns","src_ip":"192.168.56.117","src_port":55679,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":16198,"rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:17.939804+0000","flow_id":696148588058396,"pcap_cnt":127,"event_type":"dns","src_ip":"192.168.56.117","src_port":57977,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56231,"rrname":"108.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:18.118758+0000","flow_id":1929858616469280,"pcap_cnt":128,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":55679,"proto":"UDP","dns":{"type":"answer","id":16198,"rcode":"NOERROR","rrname":"f.e.b.2.b.3.a.b.0.5.3.6.b.7.c.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:18.125232+0000","flow_id":696148588058396,"pcap_cnt":129,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":57977,"proto":"UDP","dns":{"type":"answer","id":56231,"rcode":"NOERROR","rrname":"108.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:18.740541+0000","flow_id":518218830466237,"pcap_cnt":130,"event_type":"dns","src_ip":"192.168.56.117","src_port":60735,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3104,"rrname":"103.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:18.927185+0000","flow_id":518218830466237,"pcap_cnt":131,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":60735,"proto":"UDP","dns":{"type":"answer","id":3104,"rcode":"NOERROR","rrname":"103.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:24.986972+0000","flow_id":580326205427548,"pcap_cnt":132,"event_type":"dns","src_ip":"192.168.56.117","src_port":57946,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12309,"rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:24.987250+0000","flow_id":983666584195186,"pcap_cnt":133,"event_type":"dns","src_ip":"192.168.56.117","src_port":55739,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":12319,"rrname":"104.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:25.179155+0000","flow_id":580326205427548,"pcap_cnt":134,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":57946,"proto":"UDP","dns":{"type":"answer","id":12309,"rcode":"NOERROR","rrname":"f.2.b.3.d.e.b.d.4.4.e.3.d.d.c.8.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:25.179804+0000","flow_id":983666584195186,"pcap_cnt":135,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":55739,"proto":"UDP","dns":{"type":"answer","id":12319,"rcode":"NOERROR","rrname":"104.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:32.356157+0000","flow_id":455836578901821,"pcap_cnt":136,"event_type":"dns","src_ip":"192.168.56.117","src_port":53100,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64567,"rrname":"2.e.c.7.d.3.a.a.d.1.a.c.1.f.d.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:32.360036+0000","flow_id":312951606902372,"pcap_cnt":137,"event_type":"dns","src_ip":"192.168.56.117","src_port":62156,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":27316,"rrname":"114.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:32.545739+0000","flow_id":312951606902372,"pcap_cnt":138,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":62156,"proto":"UDP","dns":{"type":"answer","id":27316,"rcode":"NOERROR","rrname":"114.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:32.555484+0000","flow_id":455836578901821,"pcap_cnt":139,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":53100,"proto":"UDP","dns":{"type":"answer","id":64567,"rcode":"NOERROR","rrname":"2.e.c.7.d.3.a.a.d.1.a.c.1.f.d.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:40.596276+0000","flow_id":787257730799924,"pcap_cnt":140,"event_type":"dns","src_ip":"192.168.56.117","src_port":65222,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35507,"rrname":"c.1.1.9.2.8.1.f.9.6.b.7.f.5.1.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:40.600789+0000","flow_id":1955375018683093,"pcap_cnt":141,"event_type":"dns","src_ip":"192.168.56.117","src_port":57113,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":34623,"rrname":"109.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:40.785833+0000","flow_id":1955375018683093,"pcap_cnt":142,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":57113,"proto":"UDP","dns":{"type":"answer","id":34623,"rcode":"NOERROR","rrname":"109.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:40.802120+0000","flow_id":787257730799924,"pcap_cnt":143,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":65222,"proto":"UDP","dns":{"type":"answer","id":35507,"rcode":"NOERROR","rrname":"c.1.1.9.2.8.1.f.9.6.b.7.f.5.1.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:50.862398+0000","flow_id":2249292516305086,"pcap_cnt":144,"event_type":"dns","src_ip":"192.168.56.117","src_port":57506,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":763,"rrname":"f.0.7.f.3.f.5.9.6.c.2.9.a.c.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:51.052241+0000","flow_id":2249292516305086,"pcap_cnt":145,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":57506,"proto":"UDP","dns":{"type":"answer","id":763,"rcode":"NOERROR","rrname":"f.0.7.f.3.f.5.9.6.c.2.9.a.c.c.f.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:45:51.127927+0000","flow_id":1030297045955511,"pcap_cnt":146,"event_type":"dns","src_ip":"192.168.56.117","src_port":52034,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1581,"rrname":"102.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:45:51.312524+0000","flow_id":1030297045955511,"pcap_cnt":147,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":52034,"proto":"UDP","dns":{"type":"answer","id":1581,"rcode":"NOERROR","rrname":"102.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:01.812240+0000","flow_id":1455537463583952,"pcap_cnt":148,"event_type":"dns","src_ip":"192.168.56.117","src_port":55906,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39536,"rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:01.949232+0000","flow_id":1240896472972272,"pcap_cnt":149,"event_type":"dns","src_ip":"192.168.56.117","src_port":51473,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38919,"rrname":"111.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:02.002839+0000","flow_id":1455537463583952,"pcap_cnt":150,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":55906,"proto":"UDP","dns":{"type":"answer","id":39536,"rcode":"NOERROR","rrname":"2.e.0.0.4.9.e.9.9.4.f.5.6.9.d.5.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:02.135694+0000","flow_id":1240896472972272,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":51473,"proto":"UDP","dns":{"type":"answer","id":38919,"rcode":"NOERROR","rrname":"111.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:11.763402+0000","flow_id":31530319848970,"pcap_cnt":152,"event_type":"dns","src_ip":"192.168.56.117","src_port":52838,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":28262,"rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:11.766846+0000","flow_id":1719778884694910,"pcap_cnt":153,"event_type":"dns","src_ip":"192.168.56.117","src_port":62325,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3150,"rrname":"106.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:11.958259+0000","flow_id":31530319848970,"pcap_cnt":154,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":52838,"proto":"UDP","dns":{"type":"answer","id":28262,"rcode":"NOERROR","rrname":"7.c.c.7.9.7.d.7.7.4.d.b.c.5.5.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:11.958874+0000","flow_id":1719778884694910,"pcap_cnt":155,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":62325,"proto":"UDP","dns":{"type":"answer","id":3150,"rcode":"NOERROR","rrname":"106.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:15.823041+0000","flow_id":1286528353931009,"pcap_cnt":156,"event_type":"dns","src_ip":"192.168.56.117","src_port":56669,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33132,"rrname":"7.7.6.8.b.5.2.b.3.c.b.3.4.9.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:16.020289+0000","flow_id":1286528353931009,"pcap_cnt":157,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":56669,"proto":"UDP","dns":{"type":"answer","id":33132,"rcode":"NOERROR","rrname":"7.7.6.8.b.5.2.b.3.c.b.3.4.9.0.4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:23.898188+0000","flow_id":2096056675316876,"pcap_cnt":158,"event_type":"dns","src_ip":"192.168.56.117","src_port":54012,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22081,"rrname":"8.1.3.6.4.0.a.6.a.f.d.3.6.4.c.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:23.907558+0000","flow_id":918400265083174,"pcap_cnt":159,"event_type":"dns","src_ip":"192.168.56.117","src_port":56096,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":35141,"rrname":"105.56.168.192.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:24.093798+0000","flow_id":2096056675316876,"pcap_cnt":160,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":54012,"proto":"UDP","dns":{"type":"answer","id":22081,"rcode":"NOERROR","rrname":"8.1.3.6.4.0.a.6.a.f.d.3.6.4.c.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:24.094312+0000","flow_id":918400265083174,"pcap_cnt":161,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":56096,"proto":"UDP","dns":{"type":"answer","id":35141,"rcode":"NOERROR","rrname":"105.56.168.192.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:25.889355+0000","flow_id":1680005340959243,"pcap_cnt":170,"event_type":"dns","src_ip":"192.168.56.117","src_port":62108,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":3700,"rrname":"250.255.255.239.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:26.073750+0000","flow_id":1680005340959243,"pcap_cnt":171,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":62108,"proto":"UDP","dns":{"type":"answer","id":3700,"rcode":"NOERROR","rrname":"250.255.255.239.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-02-06T19:46:33.814284+0000","flow_id":456676249005260,"pcap_cnt":180,"event_type":"dns","src_ip":"192.168.56.117","src_port":52177,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":44501,"rrname":"a.7.7.a.6.c.5.1.3.9.5.9.c.a.c.e.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-02-06T19:46:34.004985+0000","flow_id":456676249005260,"pcap_cnt":181,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.117","dest_port":52177,"proto":"UDP","dns":{"type":"answer","

This file has been truncated.


suricata-report-2019-05-14-T-15-33-25-05142019.1533-40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24259a125f20d5b.pcap.txt - (17763 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/f08e79c3551b47391447436f33975a3c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05142019.1533-40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24259a125f20d5b.pcap -vvv -k none
elapsedtime:24.218199
stderr:
stdout:
14/5/2019 -- 15:33:01 - <Info> - Configuration node 'rule-files' redefined.
14/5/2019 -- 15:33:01 - <Notice> - This is Suricata version 4.0.0 RELEASE
14/5/2019 -- 15:33:01 - <Info> - CPUs/cores online: 1
14/5/2019 -- 15:33:01 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31390 and 'request-body-inspect-window' set to 16344 after randomization.
14/5/2019 -- 15:33:01 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32633 and 'response-body-inspect-window' set to 16621 after randomization.
14/5/2019 -- 15:33:01 - <Config> - DNS request flood protection level: 500
14/5/2019 -- 15:33:01 - <Config> - DNS per flow memcap (state-memcap): 524288
14/5/2019 -- 15:33:01 - <Config> - DNS global memcap: 16777216
14/5/2019 -- 15:33:01 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
14/5/2019 -- 15:33:01 - <Config> - preallocated 1000 hosts of size 136
14/5/2019 -- 15:33:01 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
14/5/2019 -- 15:33:01 - <Config> - using magic-file /usr/share/file/magic
14/5/2019 -- 15:33:01 - <Config> - Core dump size is unlimited.
14/5/2019 -- 15:33:01 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
14/5/2019 -- 15:33:01 - <Config> - preallocated 1000 defrag trackers of size 168
14/5/2019 -- 15:33:01 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
14/5/2019 -- 15:33:01 - <Config> - stream "prealloc-sessions": 2048 (per thread)
14/5/2019 -- 15:33:01 - <Config> - stream "memcap": 33554432
14/5/2019 -- 15:33:01 - <Config> - stream "midstream" session pickups: disabled
14/5/2019 -- 15:33:01 - <Config> - stream "async-oneside": disabled
14/5/2019 -- 15:33:01 - <Config> - stream "checksum-validation": disabled
14/5/2019 -- 15:33:01 - <Config> - stream."inline": disabled
14/5/2019 -- 15:33:01 - <Config> - stream "bypass": disabled
14/5/2019 -- 15:33:01 - <Config> - stream "max-synack-queued": 5
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly "memcap": 134217728
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly "depth": 0
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly "toserver-chunk-size": 2462
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly "toclient-chunk-size": 2555
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly.raw: enabled
14/5/2019 -- 15:33:01 - <Config> - stream.reassembly "segment-prealloc": 2048
14/5/2019 -- 15:33:01 - <Config> - Delayed detect disabled
14/5/2019 -- 15:33:01 - <Config> - pattern matchers: MPM: ac, SPM: bm
14/5/2019 -- 15:33:01 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
14/5/2019 -- 15:33:01 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
14/5/2019 -- 15:33:01 - <Config> - prefilter engines: MPM
14/5/2019 -- 15:33:01 - <Config> - IP reputation disabled
14/5/2019 -- 15:33:01 - <Perf> - Registered 148 keyword profiling counters.
14/5/2019 -- 15:33:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
14/5/2019 -- 15:33:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
14/5/2019 -- 15:33:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
14/5/2019 -- 15:33:06 - <Config> - No rules loaded from ET-icmp.rules.
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
14/5/2019 -- 15:33:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
14/5/2019 -- 15:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
14/5/2019 -- 15:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
14/5/2019 -- 15:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
14/5/2019 -- 15:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
14/5/2019 -- 15:33:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
14/5/2019 -- 15:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
14/5/2019 -- 15:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
14/5/2019 -- 15:33:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
14/5/2019 -- 15:33:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
14/5/2019 -- 15:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
14/5/2019 -- 15:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
14/5/2019 -- 15:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
14/5/2019 -- 15:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
14/5/2019 -- 15:33:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
14/5/2019 -- 15:33:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
14/5/2019 -- 15:33:14 - <Config> - No rules loaded from local.rules.
14/5/2019 -- 15:33:14 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
14/5/2019 -- 15:33:14 - <Info> - Threshold config parsed: 0 rule(s) found
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tcp-packet
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tcp-stream
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for udp-packet
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for other-ip
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_uri
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_request_line
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_client_body
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_response_line
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_header
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_header
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_header_names
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_header_names
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_accept
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_accept_enc
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_accept_lang
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_referer
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_connection
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_content_len
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_content_len
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_content_type
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_content_type
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_protocol
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_protocol
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_start
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_start
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_raw_header
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_raw_header
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_method
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_cookie
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_cookie
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_raw_uri
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_user_agent
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_host
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_raw_host
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_stat_msg
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_stat_code
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for dns_query
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tls_sni
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tls_cert_issuer
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tls_cert_subject
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for tls_cert_serial
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for dce_stub_data
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for dce_stub_data
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for ssh_protocol
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for ssh_protocol
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for ssh_software
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for ssh_software
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for file_data
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for file_data
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_request_line
14/5/2019 -- 15:33:15 - <Perf> - using shared mpm ctx' for http_response_line
14/5/2019 -- 15:33:15 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
14/5/2019 -- 15:33:15 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
14/5/2019 -- 15:33:15 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
14/5/2019 -- 15:33:15 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
14/5/2019 -- 15:33:15 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
14/5/2019 -- 15:33:15 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
14/5/2019 -- 15:33:15 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
14/5/2019 -- 15:33:15 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
14/5/2019 -- 15:33:22 - <Perf> - Unique rule groups: 104
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toserver TCP packet": 35
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toclient TCP packet": 17
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toserver TCP stream": 33
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toclient TCP stream": 19
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toserver UDP packet": 27
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "toclient UDP packet": 17
14/5/2019 -- 15:33:22 - <Perf> - Builtin MPM "other IP packet": 3
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_uri": 14
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_request_line": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_client_body": 6
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_response_line": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_header": 10
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_header": 6
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_header_names": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_accept": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_referer": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_content_len": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_content_type": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_content_type": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_protocol": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_start": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_method": 5
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_cookie": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_cookie": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver http_host": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver dns_query": 4
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver tls_sni": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toserver file_data": 1
14/5/2019 -- 15:33:22 - <Perf> - AppLayer MPM "toclient file_data": 7
14/5/2019 -- 15:33:24 - <Perf> - Registered 39590 rule profiling counters.
14/5/2019 -- 15:33:24 - <Info> - fast output device (regular) initialized: alert
14/5/2019 -- 15:33:24 - <Info> - eve-log output device (regular) initialized: eve.json
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'alert'
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'http'
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'dns'
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'tls'
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'files'
14/5/2019 -- 15:33:24 - <Config> - enabling 'eve-log' module 'ssh'
14/5/2019 -- 15:33:24 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
14/5/2019 -- 15:33:24 - <Info> - stats output device (regular) initialized: stats.log
14/5/2019 -- 15:33:24 - <Config> - AutoFP mode using "Hash" flow load balancer
14/5/2019 -- 15:33:24 - <Info> - reading pcap file /var/pcap/05142019.1533-40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24

This file has been truncated.


keyword_perf.log - (10190 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/14/2019 -- 15:33:25
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1739543         460             460             64980           3781.00         3781.00         0.00           
  content          5781778         1334            780             78033           4334.00         4080.00         4690.00        
  pcre             1741525         110             32              1016615         15832.00        6611.00         19614.00       
  byte_test        693813          226             102             30317           3069.00         3139.00         3013.00        
  byte_jump        19099           6               6               4514            3183.00         3183.00         0.00           
  isdataat         5551            2               0               2803            2775.00         0.00            2775.00        
  urilen           246562          76              12              4584            3244.00         3093.00         3272.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1739543         460             460             64980           3781.00         3781.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1804863         502             268             23508           3595.00         3457.00         3753.00        
  pcre             1108212         18              0               1016615         61567.00        0.00            61567.00       
  byte_test        693813          226             102             30317           3069.00         3139.00         3013.00        
  byte_jump        19099           6               6               4514            3183.00         3183.00         0.00           
  isdataat         5551            2               0               2803            2775.00         0.00            2775.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          474955          116             76              28791           4094.00         4406.00         3501.00        
  pcre             300545          48              28              16100           6261.00         6553.00         5852.00        
  urilen           246562          76              12              4584            3244.00         3093.00         3272.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1082895         144             36              78033           7520.00         7577.00         7500.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1732984         392             276             40993           4420.00         4291.00         4728.00        
  pcre             277972          36              4               19574           7721.00         7016.00         7809.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          109732          28              4               4848            3919.00         3978.00         3909.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          44420           12              12              4516            3701.00         3701.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_protocol
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          13785           4               4               3462            3446.00         3446.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          246490          68              60              16929           3624.00         3624.00         3630.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          245783          60              40              17497           4096.00         3996.00         4296.00        
  pcre             54796           8               0               14673           6849.00         0.00            6849.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25871           8               4               3343            3233.00         3247.00         3220.00        
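
Added example (not part of the IDSDeathBlossom page or of Suricata itself): a small parser for the keyword_perf.log layout above that turns each "Stats for:" section into records and flags keywords whose single worst evaluation dwarfs their average, the shape a regex with bad backtracking behaviour shows when it meets a large buffer. The sample input is a subset of the page's own table, embedded inline; the 10x spike threshold and the function names are assumptions of this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the keyword_perf.log printed above
# (three of its sections, values copied verbatim from the page).
SAMPLE_LOG = """\
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/14/2019 -- 15:33:25
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1739543         460             460             64980           3781.00         3781.00         0.00           
  content          5781778         1334            780             78033           4334.00         4080.00         4690.00        
  pcre             1741525         110             32              1016615         15832.00        6611.00         19614.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1804863         502             268             23508           3595.00         3457.00         3753.00        
  pcre             1108212         18              0               1016615         61567.00        0.00            61567.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          474955          116             76              28791           4094.00         4406.00         3501.00        
  pcre             300545          48              28              16100           6261.00         6553.00         5852.00        
"""

SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# One data row: keyword, four integer columns, three float columns.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$"
)


@dataclass
class KeywordStat:
    section: str      # buffer the keyword ran against ("total" is the roll-up)
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_no_match: float

    @property
    def match_rate(self) -> float:
        return self.matches / self.checks if self.checks else 0.0

    @property
    def no_match_ticks(self) -> int:
        # Ticks burned on evaluations that never matched: checks that failed
        # times the average cost of a failing check.
        return int(round((self.checks - self.matches) * self.avg_no_match))


def parse_keyword_perf(text: str) -> list[KeywordStat]:
    """Parse the keyword_perf.log text into one KeywordStat per data row."""
    stats: list[KeywordStat] = []
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ROW_RE.match(line)
        if m and section is not None:
            kw, ticks, checks, matches, max_t, avg, avg_m, avg_nm = m.groups()
            stats.append(KeywordStat(section, kw, int(ticks), int(checks),
                                     int(matches), int(max_t), float(avg),
                                     float(avg_m), float(avg_nm)))
    return stats


def ticks_by_section(stats: list[KeywordStat]) -> dict[str, int]:
    """Total ticks per buffer, excluding the 'total' roll-up."""
    out: dict[str, int] = {}
    for s in stats:
        if s.section != "total":
            out[s.section] = out.get(s.section, 0) + s.ticks
    return out


def hotspots(stats: list[KeywordStat], spike_factor: float = 10.0) -> list[KeywordStat]:
    """Per-buffer rows whose worst single check is at least spike_factor times
    the average: usually cheap, occasionally pathological (assumed threshold)."""
    hot = [s for s in stats
           if s.section != "total" and s.avg > 0 and s.max_ticks >= spike_factor * s.avg]
    return sorted(hot, key=lambda s: s.max_ticks, reverse=True)


if __name__ == "__main__":
    rows = parse_keyword_perf(SAMPLE_LOG)
    for s in hotspots(rows):
        print(f"{s.section}: {s.keyword} max={s.max_ticks} avg={s.avg:.0f} "
              f"matches={s.matches}/{s.checks} wasted={s.no_match_ticks}")
```

On the page's numbers the only row the spike filter keeps is pcre on packet/stream payload: 18 checks, no matches, and a single evaluation of 1,016,615 ticks against an average of 61,567. That is the row to cross-reference with the rule_perf output (sorted by max ticks) to find which signature's regex ran over that buffer, since a pattern that costs this much without ever matching is pure overhead on every packet it is tried against.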


IDSDeathBlossom.py.log - (1204 bytes) - download
2019-05-14 15:33:00,307 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-14 15:33:01,087 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-14 15:33:01,087 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-14 15:33:01,088 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-14 15:33:01,088 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-14 15:33:01,088 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/f08e79c3551b47391447436f33975a3c56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05142019.1533-40389135b9319bd4b9b27e5ab03fa5c636f7cec47cd1cbb8e24259a125f20d5b.pcap -vvv -k none
2019-05-14 15:33:25,309 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-14 15:33:25,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.0126361847