Filename: 84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-base
Runtime: 18.7768070698 seconds
Hash: f5d9ad21f869f566a0748f0f24c5bf74
Uploaded: 1549281054

Logfiles


unified2.alert.1549281072 (6096 bytes)
[Binary unified2 alert records, rendered as raw bytes in the original viewer and not reproduced here. Six records are present, matching the six alerts below; each carries the triggering packet payload, in which the DER-encoded TLS server certificate is visible: subject and issuer both "C=US", validity 190125082417Z to 200125082417Z (UTCTime), followed by the RSA public key and signature blobs.]


suricata-4.0.0-etpro-base-alert-2019-02-04-T-11-51-13-02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap.txt (1392 bytes)
02/01/2019-09:24:59.974464  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:49291
02/01/2019-09:25:13.176702  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:49492
02/01/2019-09:25:28.206848  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:49727
02/01/2019-09:25:34.090893  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:49816
02/01/2019-09:25:39.621359  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:49901
02/01/2019-09:26:08.411489  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.10.68.204:443 -> 192.168.100.29:50333


packet_stats.log (17633 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           245          1344886       95356976      69407185         17.0b   77.76
 IPv4      17            34          8744361       96077890      45518759          1.5b    7.08
 IPv6      17            36          8951778       95604497      64401232          2.3b   10.60
 IPv6      58            15         64537177       69210666      66531779        998.0m    4.56
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           245            67078       11658552        260168         63.7m   70.10
TMM_FLOWWORKER              IPv4      17            34           119686        9870417        527588         17.9m   19.73
TMM_RECEIVEPCAPFILE         IPv4       6           238             2551          29038          3086        734.5k    0.81
TMM_RECEIVEPCAPFILE         IPv4      17            34             2588           3457          2937         99.9k    0.11
TMM_DECODEPCAPFILE          IPv4       6           238             2660          31666          3009        716.3k    0.79
TMM_DECODEPCAPFILE          IPv4      17            34             2691          24243          3569        121.3k    0.13
TMM_FLOWWORKER              IPv6      17            36           109846         328939        170257          6.1m    6.74
TMM_FLOWWORKER              IPv6      58            15            66872          99715         75877          1.1m    1.25
TMM_RECEIVEPCAPFILE         IPv6      17            36             2555           3492          2819        101.5k    0.11
TMM_RECEIVEPCAPFILE         IPv6      58            15             2560           3458          2761         41.4k    0.05
TMM_DECODEPCAPFILE          IPv6      17            36             2715          14682          3240        116.7k    0.13
TMM_DECODEPCAPFILE          IPv6      58            15             2813          11479          3514         52.7k    0.06

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           238             2855          24140          3394        807.8k  0.98  
flow                    IPv4      17            34             2691          30014          4537        154.3k  0.19  
stream                  IPv4       6           245             3138       10823773         58615         14.4m  17.45 
app-layer               IPv4      17            34             2534          43141          7387        251.2k  0.31  
detect                  IPv4       6           245            44793        8468100        172843         42.3m  51.44 
detect                  IPv4      17            34           103435        9847226        497609         16.9m  20.55 
tcp-prune               IPv4       6           245             2553          23414          3213        787.3k  0.96  
flow                    IPv6      17            36             2827          38719          5542        199.5k  0.24  
flow                    IPv6      58            15             2854          28906          4868         73.0k  0.09  
app-layer               IPv6      17            36             2533          26326          5683        204.6k  0.25  
detect                  IPv6      17            36            93279         309589        147117          5.3m  6.43  
detect                  IPv6      58            15            55581          86040         61267        919.0k  1.12  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2             9338          25116         17227         34.5k  29.43 
tls                     IPv4       6            12             2656           5010          3059         36.7k  31.36 
dns                     IPv4      17             2             9001          11862         10431         20.9k  17.82 
tls                     IPv6      17             9             2777           2794          2780         25.0k  21.38 
Proto detect            IPv4      17             7             2750          35869         12203         85.4k
Proto detect            IPv6      17            12             2936           7121          4073         48.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             6            17154          60281         26122        156.7k  7.46  
LOGGER_UNIFIED2             IPv4       6             6            23732         171561         59071        354.4k  16.86 
LOGGER_JSON_ALERT           IPv4       6             6            39151          71565         47165        283.0k  13.46 
LOGGER_JSON_DNS             IPv4      17             2            59071         160403        109737        219.5k  10.44 
LOGGER_JSON_HTTP            IPv4       6             1           128087         128087        128087        128.1k  6.09  
LOGGER_JSON_TLS             IPv4       6             6            42343         461797        134115        804.7k  38.28 
LOGGER_JSON_FILE            IPv4       6             1           155457         155457        155457        155.5k  7.40  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            94             2598        8253568        114401        10.8m  60.43 
payload                           IPv4      17            34             3489          77006         15486       526.5k  2.96  
stream                            IPv4       6            94             2547         358594         27146         2.6m  14.34 
http_uri                          IPv4       6             1            43857          43857         43857        43.9k  0.25  
http_request_line                 IPv4       6             1             7854           7854          7854         7.9k  0.04  
http_client_body                  IPv4       6             1             3929           3929          3929         3.9k  0.02  
http_header (request)             IPv4       6             1            68964          68964         68964        69.0k  0.39  
http_header (request trailer)     IPv4       6             1             2636           2636          2636         2.6k  0.01  
http_header_names (request)       IPv4       6             1            24431          24431         24431        24.4k  0.14  
http_accept (request)             IPv4       6             1             4739           4739          4739         4.7k  0.03  
http_referer (request)            IPv4       6             1             3339           3339          3339         3.3k  0.02  
http_content_len (request)        IPv4       6             1             4425           4425          4425         4.4k  0.02  
http_content_type (request)       IPv4       6             1             3859           3859          3859         3.9k  0.02  
http_protocol (request)           IPv4       6             1             6482           6482          6482         6.5k  0.04  
http_start (request)              IPv4       6             1            16260          16260         16260        16.3k  0.09  
http_raw_header (request)         IPv4       6             1            22030          22030         22030        22.0k  0.12  
http_method                       IPv4       6             1             6351           6351          6351         6.4k  0.04  
http_cookie (request)             IPv4       6             1             4121           4121          4121         4.1k  0.02  
http_raw_uri                      IPv4       6             1             7062           7062          7062         7.1k  0.04  
http_user_agent                   IPv4       6             1            15748          15748         15748        15.7k  0.09  
http_host                         IPv4       6             1             9874           9874          9874         9.9k  0.06  
dns_query                         IPv4      17             1            11420          11420         11420        11.4k  0.06  
tls_sni                           IPv4       6             6             2715           3569          2983        17.9k  0.10  
http_response_line                IPv4       6             1            27501          27501         27501        27.5k  0.15  
http_header (response)            IPv4       6             1            55072          55072         55072        55.1k  0.31  
http_header (response trailer)    IPv4       6             1            26559          26559         26559        26.6k  0.15  
http_content_type (response)      IPv4       6             1             8118           8118          8118         8.1k  0.05  
http_raw_header (response)        IPv4       6            24             4529          12586          5145       123.5k  0.69  
http_cookie (response)            IPv4       6             1             3259           3259          3259         3.3k  0.02  
http_stat_code                    IPv4       6             1             4706           4706          4706         4.7k  0.03  
tls_cert_issuer                   IPv4       6             6             2772           3601          3078        18.5k  0.10  
tls_cert_subject                  IPv4       6             6             4146           7657          5832        35.0k  0.20  
tls_cert_serial                   IPv4       6             6             3898          18266          7439        44.6k  0.25  
file_data (http response)         IPv4       6            23             2585        1279350        127448         2.9m  16.47 
Total                             IPv4                   318                                         54702        17.4m
payload                           IPv6      17            36             3782          44231          9625       346.5k  1.95  
payload                           IPv6      58            15             2884           5630          3590        53.9k  0.30  
Total                             IPv6                    51                                          7850       400.4k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            14             3855          13124          6964         97.5k  0.12  
PROF_DETECT_IPONLY          IPv4      17             7             6391          24287         10997         77.0k  0.10  
PROF_DETECT_RULES           IPv4       6           245             2543        1343820         34592          8.5m  10.63 
PROF_DETECT_RULES           IPv4      17            34            44723        9780887        412446         14.0m  17.59 
PROF_DETECT_STATEFUL_START    IPv4       6            27             2608        1127696         60628          1.6m  2.05  
PROF_DETECT_STATEFUL_CONT    IPv4       6           245             2557          57645          6612          1.6m  2.03  
PROF_DETECT_STATEFUL_CONT    IPv4      17            34             2520           5708          2931         99.7k  0.13  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           217             2553          15584          2823        612.7k  0.77  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             2             2785           3170          2977          6.0k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           245             7928        8299332         89942         22.0m  27.64 
PROF_DETECT_PREFILTER       IPv4      17            34            24427         103448         39979          1.4m  1.70  
PROF_DETECT_PF_PAYLOAD      IPv4       6            94            16722        8267022        149424         14.0m  17.62 
PROF_DETECT_PF_PAYLOAD      IPv4      17            34             8557          82471         20780        706.5k  0.89  
PROF_DETECT_PF_TX           IPv4       6           217             2630        1292431         20715          4.5m  5.64  
PROF_DETECT_PF_TX           IPv4      17             1            17584          17584         17584         17.6k  0.02  
PROF_DETECT_PF_SORT1        IPv4       6            69             2536          30715          3473        239.6k  0.30  
PROF_DETECT_PF_SORT1        IPv4      17            34             2614           5806          3669        124.7k  0.16  
PROF_DETECT_PF_SORT2        IPv4       6           245             2529          15154          2886        707.2k  0.89  
PROF_DETECT_PF_SORT2        IPv4      17            34             2555           4538          2921         99.3k  0.12  
PROF_DETECT_NONMPMLIST      IPv4       6           245             2570          26647          3171        776.9k  0.97  
PROF_DETECT_NONMPMLIST      IPv4      17            34             2538          57338          4807        163.5k  0.21  
PROF_DETECT_ALERT           IPv4       6           245             2527          16803          2730        669.0k  0.84  
PROF_DETECT_ALERT           IPv4      17            34             2534           3971          2653         90.2k  0.11  
PROF_DETECT_CLEANUP         IPv4       6           245             2564          20465          3013        738.2k  0.93  
PROF_DETECT_CLEANUP         IPv4      17            34             2527           6363          2853         97.0k  0.12  
PROF_DETECT_GETSGH          IPv4       6           245             2540          16741          3119        764.3k  0.96  
PROF_DETECT_GETSGH          IPv4      17            34             2595          23722          4002        136.1k  0.17  
PROF_DETECT_IPONLY          IPv6      17            12             2851           8788          3911         46.9k  0.06  
PROF_DETECT_IPONLY          IPv6      58             1             6275           6275          6275          6.3k  0.01  
PROF_DETECT_RULES           IPv6      17            36            33876         190234         69217          2.5m  3.13  
PROF_DETECT_RULES           IPv6      58            15             2536           9064          3529         52.9k  0.07  
PROF_DETECT_STATEFUL_CONT    IPv6      17            36             2520           3568          2815        101.3k  0.13  
PROF_DETECT_STATEFUL_CONT    IPv6      58            15             2518           3456          2832         42.5k  0.05  
PROF_DETECT_PREFILTER       IPv6      17            36            24637          66256         32533          1.2m  1.47  
PROF_DETECT_PREFILTER       IPv6      58            15            18555          22792         19488        292.3k  0.37  
PROF_DETECT_PF_PAYLOAD      IPv6      17            36             9005          49348         14925        537.3k  0.67  
PROF_DETECT_PF_PAYLOAD      IPv6      58            15             7997          11760          8906        133.6k  0.17  
PROF_DETECT_PF_SORT1        IPv6      17            36             2610           4748          3261    

[packet_stats.log is truncated at this point in the original.]


stats.log (3211 bytes)
------------------------------------------------------------------------------------
Date: 2/4/2019 -- 11:51:13 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 481
decoder.bytes                              | Total                     | 151457
decoder.ipv4                               | Total                     | 272
decoder.ipv6                               | Total                     | 51
decoder.ethernet                           | Total                     | 481
decoder.tcp                                | Total                     | 238
decoder.udp                                | Total                     | 70
decoder.icmpv6                             | Total                     | 15
decoder.avg_pkt_size                       | Total                     | 314
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 18
flow.icmpv6                                | Total                     | 1
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 6
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 1
app_layer.flow.failed_udp                  | Total                     | 17
flow.spare                                 | Total                     | 9994
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075744


eve.json (8093 bytes)
{"timestamp":"2019-02-01T09:24:59.926598+0000","flow_id":2246444264959200,"pcap_cnt":34,"event_type":"tls","src_ip":"192.168.100.29","src_port":49291,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:24:59.974464+0000","flow_id":2246444264959200,"pcap_cnt":35,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":49291,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:25:00.155747+0000","flow_id":1907545575546979,"pcap_cnt":36,"event_type":"dns","src_ip":"192.168.100.29","src_port":54206,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39218,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":3232,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":40,"rdata":"wu.azureedge.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"wu.azureedge.net","rrtype":"CNAME","ttl":1241,"rdata":"wu.ec.azureedge.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"wu.ec.azureedge.net","rrtype":"CNAME","ttl":100,"rdata":"wu.wpc.apr-52dd2.edgecastdns.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"wu.wpc.apr-52dd2.edgecastdns.net","rrtype":"CNAME","ttl":100,"rdata":"hlb.apr-52dd2-0.edgecastdns.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"hlb.apr-52dd2-0.edgecastdns.net","rrtype":"CNAME","ttl":100,"rdata":"cs11.wpc.v0cdn.net"}}
{"timestamp":"2019-02-01T09:25:00.169299+0000","flow_id":1907545575546979,"pcap_cnt":37,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.29","dest_port":54206,"proto":"UDP","dns":{"type":"answer","id":39218,"rcode":"NOERROR","rrname":"cs11.wpc.v0cdn.net","rrtype":"A","ttl":2759,"rdata":"93.184.221.240"}}
{"timestamp":"2019-02-01T09:25:00.224642+0000","flow_id":1889511007888577,"pcap_cnt":106,"event_type":"http","src_ip":"192.168.100.29","src_port":49297,"dest_ip":"93.184.221.240","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-02-01T09:25:13.163813+0000","flow_id":917710233532121,"pcap_cnt":183,"event_type":"tls","src_ip":"192.168.100.29","src_port":49492,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:25:13.176702+0000","flow_id":917710233532121,"pcap_cnt":184,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":49492,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:25:28.194068+0000","flow_id":404094422899375,"pcap_cnt":241,"event_type":"tls","src_ip":"192.168.100.29","src_port":49727,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:25:28.206848+0000","flow_id":404094422899375,"pcap_cnt":242,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":49727,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:25:34.077911+0000","flow_id":1448928969818523,"pcap_cnt":320,"event_type":"tls","src_ip":"192.168.100.29","src_port":49816,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:25:34.090893+0000","flow_id":1448928969818523,"pcap_cnt":321,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":49816,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:25:39.604272+0000","flow_id":797723881353190,"pcap_cnt":349,"event_type":"tls","src_ip":"192.168.100.29","src_port":49901,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:25:39.621359+0000","flow_id":797723881353190,"pcap_cnt":350,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":49901,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:26:08.398567+0000","flow_id":524505981160611,"pcap_cnt":410,"event_type":"tls","src_ip":"192.168.100.29","src_port":50333,"dest_ip":"185.10.68.204","dest_port":443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-02-01T09:26:08.411489+0000","flow_id":524505981160611,"pcap_cnt":411,"event_type":"alert","src_ip":"185.10.68.204","src_port":443,"dest_ip":"192.168.100.29","dest_port":50333,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-02-01T09:26:49.438863+0000","flow_id":1889511007888577,"event_type":"fileinfo","src_ip":"93.184.221.240","src_port":80,"dest_ip":"192.168.100.29","dest_port":49297,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":56543},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":56543,"tx_id":0}}


keyword_perf.log - (9505 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:51:13
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             197967          53              53              17174           3735.00         3735.00         0.00           
  content          2049530         308             159             159183          6654.00         8390.00         4801.00        
  pcre             257707          41              37              45063           6285.00         5486.00         13672.00       
  byte_test        205662          57              49              20609           3608.00         3730.00         2855.00        
  byte_jump        64053           20              13              4459            3202.00         3231.00         3150.00        
  isdataat         3030            1               0               3030            3030.00         0.00            3030.00        
  urilen           10213           3               1               3767            3404.00         3332.00         3440.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             197967          53              53              17174           3735.00         3735.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1072592         245             132             38809           4377.00         4475.00         4263.00        
  pcre             203018          37              37              45063           5486.00         5486.00         0.00           
  byte_test        205662          57              49              20609           3608.00         3730.00         2855.00        
  byte_jump        59594           19              12              3755            3136.00         3128.00         3150.00        
  isdataat         3030            1               0               3030            3030.00         0.00            3030.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17785           4               1               4870            4446.00         4732.00         4351.00        
  urilen           10213           3               1               3767            3404.00         3332.00         3440.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3717            1               0               3717            3717.00         0.00            3717.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          847202          29              7               159183          29213.00        95811.00        8023.00        
  pcre             34456           3               0               17339           11485.00        0.00            11485.00       
  byte_jump        4459            1               1               4459            4459.00         4459.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          51153           12              6               5983            4262.00         4432.00         4093.00        
  pcre             20233           1               0               20233           20233.00        0.00            20233.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12043           3               0               5010            4014.00         0.00            4014.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3769            1               0               3769            3769.00         0.00            3769.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3264            1               1               3264            3264.00         3264.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          38005           12              12              3496            3167.00         3167.00         0.00           


suricata-4.0.0-etpro-base-perf.txt-2019-02-04-T-11-51-13-02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap.txt - (21845 bytes)
  --------------------------------------------------------------------------
  Date: 2/4/2019 -- 11:51:13. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2023626      1        3        9848186      51.36  48       0        9721557     205170.54   0.00        205170.54  
  2        2820157      1        2        449221       2.34   1        0        449221      449221.00   0.00        449221.00  
  3        2820158      1        2        428803       2.24   1        0        428803      428803.00   0.00        428803.00  
  4        2020865      1        3        174233       0.91   1        0        174233      174233.00   0.00        174233.00  
  5        2022535      1        11       481068       2.51   6        0        114055      80178.00    0.00        80178.00   
  6        2805348      1        4        644951       3.36   12       0        103113      53745.92    0.00        53745.92   
  7        2022627      1        12       493216       2.57   6        0        100490      82202.67    0.00        82202.67   
  8        2023476      1        5        483611       2.52   6        0        91496       80601.83    0.00        80601.83   
  9        2024777      1        2        112544       0.59   18       0        63539       6252.44     0.00        6252.44    
  10       2815664      1        3        62517        0.33   1        0        62517       62517.00    0.00        62517.00   
  11       2822213      1        2        311616       1.62   6        0        60302       51936.00    0.00        51936.00   
  12       2009702      1        5        60661        0.32   2        0        57797       30330.50    0.00        30330.50   
  13       2821014      1        13       56043        0.29   1        0        56043       56043.00    0.00        56043.00   
  14       2806802      1        2        165519       0.86   7        0        49304       23645.57    0.00        23645.57   
  15       2019010      1        3        82667        0.43   14       0        44480       5904.79     0.00        5904.79    
  16       2828823      1        2        204079       1.06   6        6        44322       34013.17    34013.17    0.00       
  17       2013739      1        15       225285       1.17   66       0        40328       3413.41     0.00        3413.41    
  18       2024771      1        1        158622       0.83   24       0        39757       6609.25     0.00        6609.25    
  19       2821615      1        2        37613        0.20   1        0        37613       37613.00    0.00        37613.00   
  20       2809850      1        2        36404        0.19   1        0        36404       36404.00    0.00        36404.00   
  21       2816356      1        2        36350        0.19   1        0        36350       36350.00    0.00        36350.00   
  22       2024909      1        2        94255        0.49   4        0        35909       23563.75    0.00        23563.75   
  23       2807878      1        2        29890        0.16   1        0        29890       29890.00    0.00        29890.00   
  24       2020698      1        2        28824        0.15   1        0        28824       28824.00    0.00        28824.00   
  25       2017552      1        6        202371       1.06   13       0        26567       15567.00    0.00        15567.00   
  26       2012707      1        5        25485        0.13   1        0        25485       25485.00    0.00        25485.00   
  27       2018486      1        5        25057        0.13   1        0        25057       25057.00    0.00        25057.00   
  28       2007880      1        7        24567        0.13   1        0        24567       24567.00    0.00        24567.00   
  29       2816165      1        5        23775        0.12   1        0        23775       23775.00    0.00        23775.00   
  30       2022502      1        4        23730        0.12   1        0        23730       23730.00    0.00        23730.00   
  31       2022552      1        2        23368        0.12   1        0        23368       23368.00    0.00        23368.00   
  32       2827279      1        5        22804        0.12   1        0        22804       22804.00    0.00        22804.00   
  33       2810481      1        4        22685        0.12   1        0        22685       22685.00    0.00        22685.00   
  34       2826256      1        2        22416        0.12   1        0        22416       22416.00    0.00        22416.00   
  35       2018667      1        3        21935        0.11   1        0        21935       21935.00    0.00        21935.00   
  36       2020764      1        2        21793        0.11   1        0        21793       21793.00    0.00        21793.00   
  37       2830036      1        1        21671        0.11   1        0        21671       21671.00    0.00        21671.00   
  38       2823966      1        1        55096        0.29   12       0        21625       4591.33     0.00        4591.33    
  39       2828008      1        2        21532        0.11   1        0        21532       21532.00    0.00        21532.00   
  40       2014701      1        12       23935        0.12   2        0        21384       11967.50    0.00        11967.50   
  41       2022773      1        2        20819        0.11   1        0        20819       20819.00    0.00        20819.00   
  42       2829625      1        2        20729        0.11   1        0        20729       20729.00    0.00        20729.00   
  43       2020794      1        2        20349        0.11   1        0        20349       20349.00    0.00        20349.00   
  44       2806659      1        4        20310        0.11   1        0        20310       20310.00    0.00        20310.00   
  45       2019083      1        2        19325        0.10   1        0        19325       19325.00    0.00        19325.00   
  46       2006447      1        13       19229        0.10   1        0        19229       19229.00    0.00        19229.00   
  47       2020765      1        2        19025        0.10   1        0        19025       19025.00    0.00        19025.00   
  48       2826281      1        2        18888        0.10   1        0        18888       18888.00    0.00        18888.00   
  49       2018287      1        2        18806        0.10   1        0        18806       18806.00    0.00        18806.00   
  50       2018375      1        3        58361        0.30   4        0        18347       14590.25    0.00        14590.25   
  51       2010140      1        7        252452       1.32   67       0        18196       3767.94     0.00        3767.94    
  52       2020774      1        2        18196        0.09   1        0        18196       18196.00    0.00        18196.00   
  53       2023622      1        3        158787       0.83   54       0        17435       2940.50     0.00        2940.50    
  54       2803760      1        3        16385        0.09   1        0        16385       16385.00    0.00        16385.00   
  55       2100518      1        8        72590        0.38   22       0        16263       3299.55     0.00        3299.55    
  56       2014702      1        9        18608        0.10   2        0        16026       9304.00     0.00        9304.00    
  57       2811577      1        2        19353        0.10   2        0        15868       9676.50     0.00        9676.50    
  58       2022543      1        1        15551        0.08   1        0        15551       15551.00    0.00        15551.00   
  59       2807531      1        3        25217        0.13   2        0        15468       12608.50    0.00        12608.50   
  60       2811542      1        1        14831        0.08   1        0        14831       14831.00    0.00        14831.00   
  61       2019230      1        2        18340        0.10   2        0        14757       9170.00     0.00        9170.00    
  62       2014703      1        9        17630        0.09   2        0        14711       8815.00     0.00        8815.00    
  63       2811544      1        1        17216        0.09   2        0        14053       8608.00     0.00        8608.00    
  64       2023349      1        2        10784        0.06   1        0        10784       10784.00    0.00        10784.00   
  65       2804586      1        2        10477        0.05   1        0        10477       10477.00    0.00        10477.00   
  66       2809256      1        3        38457        0.20   12       0        5491        3204.75     0.00        3204.75    
  67       2024776      1        1        12939        0.07   4        0        4537        3234.75     0.00        3234.75    
  68       2804907      1        3        4498         0.02   1        0        4498        4498.00     0.00        4498.00    
  69       2802205      1        3        61843        0.32   22       0        4338        2811.05     0.00        2811.05    
  70       2009387      1        4        39306        0.20   12       0        4336        3275.50     0.00        3275.50    
  71       2024650      1        1        21993        0.11   7        0        4242        3141.86     0.00        3141.86    
  72       2010143      1        3        185602       0.97   67       0        4198        2770.18     0.00        2770.18    
  73       2018382      1        8        13661        0.07   4        0        4191        3415.25     0.00        3415.25    
  74       2022547      1        1        73493        0.38   25       0        4133        2939.72     0.00        2939.72    
  75       2802822      1        1        71191        0.37   24       0        4123        2966.29     0.00        2966.29    
  76       2823788      1        4        4113         0.02   1        0        4113        4113.00     0.00        4113.00    
  77       2023627      1        3        101651       0.53   37       0        4109        2747.32     0.00        2747.32    
  78       2023624      1        3        121665       0.63   46       0        4084        2644.89     0.00        2644.89    
  79       2100540      1        12       8110         0.04   2        0        4056        4055.00     0.00        4055.00    
  80       2102190      1        5        51420        0.27   17       0        4035        3024.71     0.00        3024.71    
  81       2821129      1        2        35438        0.18   12       0        3934        2953.17     0.00        2953.17    
  82       2101379      1        13       3929         0.02   1        0        3929        3929.00     0.00        3929.00    
  83       2018373      1        3        12502        0.07   4        0        3883        3125.50     0.00        3125.50    
  84       2023621      1        4        19381        0.10   7        0        3849        2768.71     0.00        2768.71    
  85       2008420      1        4        7057         0.04   2        0        3809        3528.50     0.00        3528.50    
  86       2016323      1        1        7519         0.04   2        0        3804        3759.50     0.00        3759.50    
  87       2001330      1        8        200521       1.05   72       0        3770        2785.01     0.00        2785.01    
  88       2015986      1        5        35994        0.19   12       0        3761        2999.50     0.00        2999.50    
  89       2102523      1        8        21761        0.11   7        0        3747        3108.71     0.00        3108.71    
  90       2804911      1        3        3693         0.02   1        0        3693        3693.00     0.00        3693.00    
  91       2023623      1        3        77355        0.40   29       0        3684        2667.41     0.00        2667.41    
  92       2810792      1        5        3683         0.02   1        0        3683        3683.00     0.00        3683.00    
  93       2008117      1        3        67098        0.35   24       0        3678        2795.75     0.00        2795.75    
  94       2102523      1        8        22907        0.12   7        0        3647        3272.43     0.00        3272.43    
  95       2811447      1        2        7209         0.04   2        0        3630        3604.50     0.00        3604.50    
  96       2016363      1        2        6944         0.04   2        0        3599        3472.00     0.00        3472.00    
  97       2018377      1        3        12147        0.06   4        0        3582        3036.75     0.00        3036.75    
  98       2806561      1        5        19699        0.10   6        0        3566        3283.17     0.00        3283.17    
  99       2008120      1        4        184169       0.96   68       0        3556        2708.37     0.00        2708.37    
  100      2019345      1        2        3529         0.02   1        0        3529        3529.00     0.00        3529.00    
  101      2009984      1        2        6967         0.04   2        0        3529        3483.50     0.00        3483.50    
  102      2100327      1        10       18925        0.10   6        0        3515        3154.17     0.00        3154.17    
  103      2016178      1        2        29800        0.16   10       0        3513        2980.00     0.00        2980.00    
  104      2017935      1        3        18438        0.10   6        0        3499        3073.00     0.00        3073.00    
  105      2811121      1        2        3497         0.02   1        0        3497        3497.00     0.00        3497.00    
  106      2808577      1        5        64518        0.34   23       0        3497        2805.13     0.00        2805.13    
  107      2801347      1        5        31642        0.17   11       0        3494        2876.55     0.00        2876.55    
  108      2025200      1        1        6166         0.03   2        0        3492        3083.00     0.00        3083.00    
  109      2023625      1        3        93046        0.49   35       0        3483        2658.46     0.00        2658.46    
  110      2019011      1        3        61692        0.32   22       0        3481        2804.18     0.00        2804.18    
  111      2022132      1        1        6359         0.03   2        0        3480        3179.50     0.00        3179.50    
  112      2828876      1        1        76326        0.40   27       0        3464        2826.89     0.00        2826.89    
  113      2809132      1        1        18635        0.10   6        0        3461        3105.83     0.00        3105.83    
  114      2024778      1        1        11160        0.06   4        0        3459        2790.00     0.00        2790.00    
  115      2816382      1        1        8873         0.05   3        0        3417        2957.67     0.00        2957.67    
  116      2017548      1        6        3411         0.02   1        0        3411        3411.00     0.00        3411.00    
  117      2103159      1        4        36348        0.19   12       0        3404        3029.00     0.00        3029.00    
  118      2008116      1        4        61163        0.32   22       0        3369        2780.14     0.00        2780.14    
  119      2018283      1        5        3365         0.02   1        0        3365        3365.00     0.00        3365.00    
  120      2102330      1        3        3365         0.02   1        0        3365        3365.00     0.00        3365.00    
  121      2009243      1        2        35855        0.19   13       0        3356        2758.08     0.00        2758.08    
  122      2100660      1        13       3332         0.02   1        0        3332        3332.00     0.00        3332.00    
  123      2802987      1        5        6585         0.03   2        0        3327        3292.50     0.00        3292.50    
  124      2103158      1        6        53726        0.28   19       0        3325        2827.68     0.00        2827.68    
  125      2811034      1        1        17

This file has been truncated.


suricata-report-2019-02-04-T-11-51-13-02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap.txt - (16220 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/f5d9ad21f869f566a0748f0f24c5bf74c868f2786383154b95a80e4733a7b823 -r /var/pcap/02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap -vvv -k none
elapsedtime:17.844833
stderr:
stdout:
4/2/2019 -- 11:50:55 - <Info> - Configuration node 'rule-files' redefined.
4/2/2019 -- 11:50:55 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/2/2019 -- 11:50:55 - <Info> - CPUs/cores online: 1
4/2/2019 -- 11:50:55 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34048 and 'request-body-inspect-window' set to 15696 after randomization.
4/2/2019 -- 11:50:55 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31142 and 'response-body-inspect-window' set to 15991 after randomization.
4/2/2019 -- 11:50:55 - <Config> - DNS request flood protection level: 500
4/2/2019 -- 11:50:55 - <Config> - DNS per flow memcap (state-memcap): 524288
4/2/2019 -- 11:50:55 - <Config> - DNS global memcap: 16777216
4/2/2019 -- 11:50:55 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/2/2019 -- 11:50:55 - <Config> - preallocated 1000 hosts of size 136
4/2/2019 -- 11:50:55 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 11:50:55 - <Config> - using magic-file /usr/share/file/magic
4/2/2019 -- 11:50:55 - <Config> - Core dump size is unlimited.
4/2/2019 -- 11:50:55 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/2/2019 -- 11:50:55 - <Config> - preallocated 1000 defrag trackers of size 168
4/2/2019 -- 11:50:55 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/2/2019 -- 11:50:55 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/2/2019 -- 11:50:55 - <Config> - stream "memcap": 33554432
4/2/2019 -- 11:50:55 - <Config> - stream "midstream" session pickups: disabled
4/2/2019 -- 11:50:55 - <Config> - stream "async-oneside": disabled
4/2/2019 -- 11:50:55 - <Config> - stream "checksum-validation": disabled
4/2/2019 -- 11:50:55 - <Config> - stream."inline": disabled
4/2/2019 -- 11:50:55 - <Config> - stream "bypass": disabled
4/2/2019 -- 11:50:55 - <Config> - stream "max-synack-queued": 5
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly "memcap": 134217728
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly "depth": 0
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly "toserver-chunk-size": 2631
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly "toclient-chunk-size": 2591
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly.raw: enabled
4/2/2019 -- 11:50:55 - <Config> - stream.reassembly "segment-prealloc": 2048
4/2/2019 -- 11:50:55 - <Config> - Delayed detect disabled
4/2/2019 -- 11:50:55 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/2/2019 -- 11:50:55 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/2/2019 -- 11:50:55 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/2/2019 -- 11:50:55 - <Config> - prefilter engines: MPM
4/2/2019 -- 11:50:55 - <Config> - IP reputation disabled
4/2/2019 -- 11:50:55 - <Perf> - Registered 148 keyword profiling counters.
4/2/2019 -- 11:50:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
4/2/2019 -- 11:50:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
4/2/2019 -- 11:50:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
4/2/2019 -- 11:51:00 - <Config> - No rules loaded from ET-icmp.rules.
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
4/2/2019 -- 11:51:00 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
4/2/2019 -- 11:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
4/2/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
4/2/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
4/2/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
4/2/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
4/2/2019 -- 11:51:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
4/2/2019 -- 11:51:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
4/2/2019 -- 11:51:05 - <Config> - No rules loaded from local.rules.
4/2/2019 -- 11:51:05 - <Info> - 31 rule files processed. 32260 rules successfully loaded, 0 rules failed
4/2/2019 -- 11:51:05 - <Info> - Threshold config parsed: 0 rule(s) found
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tcp-packet
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tcp-stream
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for udp-packet
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for other-ip
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_uri
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_client_body
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_header
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_header_names
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_accept
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_accept_enc
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_accept_lang
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_referer
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_connection
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_content_len
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_content_type
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_protocol
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_start
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_raw_header
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_method
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_cookie
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_raw_uri
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_user_agent
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_host
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_raw_host
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_stat_msg
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_stat_code
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for dns_query
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tls_sni
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for dce_stub_data
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for ssh_protocol
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for ssh_software
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for file_data
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_request_line
4/2/2019 -- 11:51:06 - <Perf> - using shared mpm ctx' for http_response_line
4/2/2019 -- 11:51:06 - <Info> - 32265 signatures processed. 2 are IP-only rules, 14352 are inspecting packet payload, 21545 inspect application layer, 0 are decoder event only
4/2/2019 -- 11:51:06 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/2/2019 -- 11:51:06 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
4/2/2019 -- 11:51:06 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
4/2/2019 -- 11:51:06 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
4/2/2019 -- 11:51:06 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
4/2/2019 -- 11:51:06 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
4/2/2019 -- 11:51:06 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/2/2019 -- 11:51:10 - <Perf> - Unique rule groups: 102
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toserver TCP packet": 35
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toclient TCP packet": 17
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toserver TCP stream": 33
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toclient TCP stream": 19
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toserver UDP packet": 27
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "toclient UDP packet": 15
4/2/2019 -- 11:51:10 - <Perf> - Builtin MPM "other IP packet": 3
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_uri": 14
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_client_body": 5
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_header": 10
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_header": 6
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_header_names": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_protocol": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_start": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_method": 5
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver http_host": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver tls_sni": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toserver file_data": 1
4/2/2019 -- 11:51:10 - <Perf> - AppLayer MPM "toclient file_data": 7
4/2/2019 -- 11:51:12 - <Perf> - Registered 32265 rule profiling counters.
4/2/2019 -- 11:51:12 - <Info> - fast output device (regular) initialized: alert
4/2/2019 -- 11:51:12 - <Info> - eve-log output device (regular) initialized: eve.json
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'alert'
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'http'
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'dns'
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'tls'
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'files'
4/2/2019 -- 11:51:12 - <Config> - enabling 'eve-log' module 'ssh'
4/2/2019 -- 11:51:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/2/2019 -- 11:51:12 - <Info> - stats output device (regular) initialized: stats.log
4/2/2019 -- 11:51:12 - <Config> - AutoFP mode using "Hash" flow load balancer
4/2/2019 -- 11:51:12 - <Info> - reading pcap file /var/pcap/02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap
4/2/2019 -- 11:51:12 - <Config> - using 1 flow manager threads
4/2/2019 -- 11:51:12 - <Config> - using 1 flow recycler threads
4/2/2019 -- 11:51:12 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
4/2/2019 -- 11:51:12 - <Info> - pcap file end of file reached (pcap err code 0)
4/2/2019 -- 11:51:12 - <Notice> - Signal Received.  Stopping engine.
4/2/2019 -- 11:51:12 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
4/2/2019 -- 11:51:12 - <Info> - time elapsed 0.059s
4/2/2019 -- 11:51:13 - <Perf> - 26 flows processed
4/2/2019 -- 11:51:13 - <Notice> - Pcap-file module read 481 packets, 151457 bytes
4/2/2019 -- 11:51:13 - <Perf> - AutoFP - Total flow handler queues - 1
4/2/2019 -- 11:51:13 - <Info> - Alerts: 6
4/2/2019 -- 11:51:13 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 11:51:13 - <Perf> - Done dumping profiling data.
4/2/2019 -- 11:51:13 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
4/2/2019 -- 11:51:13 - <Perf> - Dumping profiling data for 32265 rules.
4/2/2019 -- 11:51:13 - <Perf> - Done dumping profiling data.
4/2/2019 -- 11:51:13 - <Perf> - Done dumping keyword profiling data.
4/2/2019 -- 11:51:13 - <Info> - cleaning up signature grouping structure... complete
returncode: 0
errors:
warnings:


IDSDeathBlossom.py.log - (1178 bytes) - download
2019-02-04 11:50:54,643 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-02-04 11:50:55,371 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-02-04 11:50:55,371 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-base
2019-02-04 11:50:55,372 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-02-04 11:50:55,372 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-02-04 11:50:55,372 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-base.yaml -l /var/www/html/f5d9ad21f869f566a0748f0f24c5bf74c868f2786383154b95a80e4733a7b823 -r /var/pcap/02042019.1150-84ca1351-ef4f-459a-8e5e-c6074619a5a4.pcap -vvv -k none
2019-02-04 11:51:13,219 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-02-04 11:51:13,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 18.5850510597