Filename: merged.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 14.5242681503 seconds
Hash: fbb1cbc7a611e51f35475592fb9a5622
Uploaded: 1534531627

Logfiles

packet_stats.log (11666 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6             8          4872860       44681020      23373623        187.0m   59.06
 IPv4      17            14          1407932       19551668       9260070        129.6m   40.94
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6             8            82064       13547892       3281170         26.2m   57.86
TMM_FLOWWORKER              IPv4      17            14           147656        5367420       1346996         18.9m   41.57
TMM_RECEIVEPCAPFILE         IPv4       6             7             3200           4076          3516         24.6k    0.05
TMM_RECEIVEPCAPFILE         IPv4      17            14             3188          13092          4125         57.8k    0.13
TMM_DECODEPCAPFILE          IPv4       6             7             3036          31564          7347         51.4k    0.11
TMM_DECODEPCAPFILE          IPv4      17            14             3036          78748          8831        123.6k    0.27

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6             7             3644           6224          4840         33.9k  0.10  
flow                    IPv4      17            14             3060          70044         14044        196.6k  0.56  
stream                  IPv4       6             8             6624        1337036        235340          1.9m  5.36  
app-layer               IPv4      17            14             2964         135528         28056        392.8k  1.12  
detect                  IPv4       6             8            52228       12360732       2835121         22.7m  64.56 
detect                  IPv4      17            14           129840        2393460        702625          9.8m  28.00 
tcp-prune               IPv4       6             8             3160          48356         13446        107.6k  0.31  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             1            32792          32792         32792         32.8k  21.53 
dns                     IPv4      17             5            12060          58796         23897        119.5k  78.47 
Proto detect            IPv4      17             8             6864          86556         33472        267.8k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_DNS             IPv4      17             4           612756        4738364       2028714          8.1m  85.72 
LOGGER_JSON_HTTP            IPv4       6             1          1062088        1062088       1062088          1.1m  11.22 
LOGGER_JSON_FILE            IPv4       6             1           289728         289728        289728        289.7k  3.06  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             4             4800        7925284       2129748         8.5m  57.92 
payload                           IPv4      17            14            13116         741756        164658         2.3m  15.67 
stream                            IPv4       6             4             3968        1088356        365016         1.5m  9.93  
http_uri                          IPv4       6             1           969952         969952        969952       970.0k  6.59  
http_request_line                 IPv4       6             1            15928          15928         15928        15.9k  0.11  
http_client_body                  IPv4       6             1            11564          11564         11564        11.6k  0.08  
http_header (request)             IPv4       6             1          1037480        1037480       1037480         1.0m  7.05  
http_header (request trailer)     IPv4       6             1             3448           3448          3448         3.4k  0.02  
http_header_names (request)       IPv4       6             1            32172          32172         32172        32.2k  0.22  
http_accept (request)             IPv4       6             1             9344           9344          9344         9.3k  0.06  
http_referer (request)            IPv4       6             1             3868           3868          3868         3.9k  0.03  
http_content_len (request)        IPv4       6             1             4228           4228          4228         4.2k  0.03  
http_content_type (request)       IPv4       6             1             4176           4176          4176         4.2k  0.03  
http_start (request)              IPv4       6             1            16072          16072         16072        16.1k  0.11  
http_raw_header (request)         IPv4       6             1            13172          13172         13172        13.2k  0.09  
http_method                       IPv4       6             1            39696          39696         39696        39.7k  0.27  
http_cookie (request)             IPv4       6             1             4384           4384          4384         4.4k  0.03  
http_raw_uri                      IPv4       6             1            13516          13516         13516        13.5k  0.09  
http_user_agent                   IPv4       6             1            37372          37372         37372        37.4k  0.25  
http_host                         IPv4       6             1            10384          10384         10384        10.4k  0.07  
dns_query                         IPv4      17             2            14308          16580         15444        30.9k  0.21  
http_response_line                IPv4       6             1            15140          15140         15140        15.1k  0.10  
http_header (response)            IPv4       6             1            88696          88696         88696        88.7k  0.60  
http_header (response trailer)    IPv4       6             1             2980           2980          2980         3.0k  0.02  
http_content_type (response)      IPv4       6             1             8632           8632          8632         8.6k  0.06  
http_raw_header (response)        IPv4       6             1            21496          21496         21496        21.5k  0.15  
http_cookie (response)            IPv4       6             1            10972          10972         10972        11.0k  0.07  
http_stat_code                    IPv4       6             1             6356           6356          6356         6.4k  0.04  
file_data (http response)         IPv4       6             1            11768          11768         11768        11.8k  0.08  
Total                             IPv4                    49                                        300162        14.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            20052          46696         33374         66.7k  0.13  
PROF_DETECT_IPONLY          IPv4      17             9            24568         473152        101371        912.3k  1.82  
PROF_DETECT_RULES           IPv4       6             8             3156        8842956       1133104          9.1m  18.09 
PROF_DETECT_RULES           IPv4      17            14            45288         669116        206330          2.9m  5.76  
PROF_DETECT_STATEFUL_START    IPv4       6             2            38596        2773828       1406212          2.8m  5.61  
PROF_DETECT_STATEFUL_CONT    IPv4       6             8             2884          17668          7189         57.5k  0.11  
PROF_DETECT_STATEFUL_CONT    IPv4      17            14             2832          31876          7526        105.4k  0.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             4             3864           5552          4497         18.0k  0.04  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             3852         373628         96858        387.4k  0.77  
PROF_DETECT_PREFILTER       IPv4       6             8             9340        7981916       1585917         12.7m  25.32 
PROF_DETECT_PREFILTER       IPv4      17            14            37224         784960        264336          3.7m  7.39  
PROF_DETECT_PF_PAYLOAD      IPv4       6             4           377584        7939072       2505159         10.0m  20.00 
PROF_DETECT_PF_PAYLOAD      IPv4      17            14            18812         750576        172337          2.4m  4.82  
PROF_DETECT_PF_TX           IPv4       6             4             6316        2291780        626493          2.5m  5.00  
PROF_DETECT_PF_TX           IPv4      17             2            23972          24260         24116         48.2k  0.10  
PROF_DETECT_PF_SORT1        IPv4       6             3             3680          13012          6917         20.8k  0.04  
PROF_DETECT_PF_SORT1        IPv4      17            14             3356         424856         65262        913.7k  1.82  
PROF_DETECT_PF_SORT2        IPv4       6             8             2884           6524          4026         32.2k  0.06  
PROF_DETECT_PF_SORT2        IPv4      17            14             2864           6940          4930         69.0k  0.14  
PROF_DETECT_NONMPMLIST      IPv4       6             8             3144         395068         52476        419.8k  0.84  
PROF_DETECT_NONMPMLIST      IPv4      17            14             2848           5760          4450         62.3k  0.12  
PROF_DETECT_ALERT           IPv4       6             8             2824           5340          3847         30.8k  0.06  
PROF_DETECT_ALERT           IPv4      17            14             2844          89384         10312        144.4k  0.29  
PROF_DETECT_CLEANUP         IPv4       6             8             2948          12248          5735         45.9k  0.09  
PROF_DETECT_CLEANUP         IPv4      17            14             2828         424748         35490        496.9k  0.99  
PROF_DETECT_GETSGH          IPv4       6             8             3132           8184          4532         36.3k  0.07  
PROF_DETECT_GETSGH          IPv4      17            14             2856          28708         10417        145.8k  0.29  


stats.log (2826 bytes)
------------------------------------------------------------------------------------
Date: 8/17/2018 -- 18:47:22 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 21
decoder.bytes                              | Total                     | 4587
decoder.ipv4                               | Total                     | 21
decoder.ethernet                           | Total                     | 21
decoder.tcp                                | Total                     | 7
decoder.udp                                | Total                     | 14
decoder.avg_pkt_size                       | Total                     | 218
decoder.max_pkt_size                       | Total                     | 550
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 6
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.mpm_list                            | Total                     | 9
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 4
flow.spare                                 | Total                     | 9997
flow_mgr.flows_checked                     | Total                     | 5
flow_mgr.flows_notimeout                   | Total                     | 5
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65531
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456


eve.json (11549 bytes)
{"timestamp":"2018-08-10T10:44:37.484549+0000","flow_id":279116713911493,"pcap_cnt":7,"event_type":"dns","src_ip":"192.168.38.10","src_port":62129,"dest_ip":"10.55.99.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":21895,"rrname":"time.windows.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"time.windows.com","rrtype":"CNAME","ttl":1428,"rdata":"time.microsoft.akadns.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"time.microsoft.akadns.net","rrtype":"A","ttl":30,"rdata":"52.173.193.166"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"f.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"a.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"l.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"h.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"d.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"k.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"m.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"g.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"e.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"b.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"c.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"j.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:37.691240+0000","flow_id":279116713911493,"pcap_cnt":8,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":62129,"proto":"UDP","dns":{"type":"answer","id":21895,"rcode":"NOERROR","rrname":"net","rrtype":"NS","ttl":28972,"rdata":"i.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.335660+0000","flow_id":73488713129772,"pcap_cnt":13,"event_type":"dns","src_ip":"192.168.38.10","src_port":50771,"dest_ip":"10.55.99.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":1135,"rrname":"skymediaads.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"skymediaads.com","rrtype":"A","ttl":599,"rdata":"107.180.28.80"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"m.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"i.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"e.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"l.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"h.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"j.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"b.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"a.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"d.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"f.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"k.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"c.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:52.724487+0000","flow_id":73488713129772,"pcap_cnt":14,"event_type":"dns","src_ip":"10.55.99.1","src_port":53,"dest_ip":"192.168.38.10","dest_port":50771,"proto":"UDP","dns":{"type":"answer","id":1135,"rcode":"NOERROR","rrname":"com","rrtype":"NS","ttl":28180,"rdata":"g.gtld-servers.net"}}
{"timestamp":"2018-08-10T10:44:53.227119+0000","flow_id":1598668107163555,"pcap_cnt":21,"event_type":"http","src_ip":"192.168.38.10","src_port":49159,"dest_ip":"107.180.28.80","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"skymediaads.com","url":"\/iam\/ins.php?SMAC=&User=PC<o>4A095E27CB<q>STRAZNJICA.GRUBUTT&UUID=00000000-0000-0000-0000-000000000000&Vendor=ASUS&Name=P5E-VMDO&HDDSerialNumber=QM00001&Caption=MicrosoftWindows7Ultimate&OSArchitectures=64-bit&OSerialNumber=00426-OEM-8992662-00173&ProcessorName=Intel(R)Core(TM)2DuoCPUT7700@2.40GHz&RAM=1341640704&version=1.52&publisherid=installer","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"}}
{"timestamp":"2018-08-10T10:44:53.227119+0000","flow_id":1598668107163555,"event_type":"fileinfo","src_ip":"107.180.28.80","src_port":80,"dest_ip":"192.168.38.10","dest_port":49159,"proto":"TCP","http":{"hostname":"skymediaads.com","url":"\/iam\/ins.php?SMAC=&User=PC<o>4A095E27CB<q>STRAZNJICA.GRUBUTT&UUID=00000000-0000-0000-0000-000000000000&Vendor=ASUS&Name=P5E-VMDO&HDDSerialNumber=QM00001&Caption=MicrosoftWindows7Ultimate&OSArchitectures=64-bit&OSerialNumber=00426-OEM-8992662-00173&ProcessorName=Intel(R)Core(TM)2DuoCPUT7700@2.40GHz&RAM=1341640704&version=1.52&publisherid=installer","http_user_agent":"Mozilla\/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":4},"app_proto":"http","fileinfo":{"filename":"\/iam\/ins.php","gaps":false,"state":"CLOSED","stored":false,"size":4,"tx_id":0}}


suricata-4.0.0-etopen-all-perf.txt-2018-08-17-T-18-47-22-08172018.1847-merged.pcap.txt (13654 bytes)
  --------------------------------------------------------------------------
  Date: 8/17/2018 -- 18:47:22. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2011290      1        7        932872       12.87  1        0        932872      932872.00   0.00        932872.00  
  2        2017552      1        6        847588       11.70  1        0        847588      847588.00   0.00        847588.00  
  3        2017556      1        3        823492       11.36  1        0        823492      823492.00   0.00        823492.00  
  4        2021418      1        9        814744       11.24  1        0        814744      814744.00   0.00        814744.00  
  5        2012612      1        16       773376       10.67  1        0        773376      773376.00   0.00        773376.00  
  6        2022652      1        2        102208       1.41   1        1        102208      102208.00   102208.00   0.00       
  7        2022973      1        1        98472        1.36   2        0        79152       49236.00    0.00        49236.00   
  8        2009702      1        5        106736       1.47   6        0        61340       17789.33    0.00        17789.33   
  9        2014442      1        6        60648        0.84   1        0        60648       60648.00    0.00        60648.00   
  10       2019821      1        8        59824        0.83   1        1        59824       59824.00    59824.00    0.00       
  11       2016706      1        20       55008        0.76   1        0        55008       55008.00    0.00        55008.00   
  12       2020963      1        2        50352        0.69   1        0        50352       50352.00    0.00        50352.00   
  13       2017119      1        4        49612        0.68   1        0        49612       49612.00    0.00        49612.00   
  14       2016809      1        5        49056        0.68   1        0        49056       49056.00    0.00        49056.00   
  15       2017036      1        3        48180        0.66   1        0        48180       48180.00    0.00        48180.00   
  16       2025089      1        2        46844        0.65   1        0        46844       46844.00    0.00        46844.00   
  17       2021304      1        4        46680        0.64   1        0        46680       46680.00    0.00        46680.00   
  18       2021413      1        2        45628        0.63   1        0        45628       45628.00    0.00        45628.00   
  19       2022901      1        2        44284        0.61   1        0        44284       44284.00    0.00        44284.00   
  20       2021718      1        4        43308        0.60   1        0        43308       43308.00    0.00        43308.00   
  21       2019094      1        5        43304        0.60   1        0        43304       43304.00    0.00        43304.00   
  22       2017076      1        9        41740        0.58   1        0        41740       41740.00    0.00        41740.00   
  23       2017454      1        12       41620        0.57   1        0        41620       41620.00    0.00        41620.00   
  24       2020962      1        3        41164        0.57   1        0        41164       41164.00    0.00        41164.00   
  25       2022074      1        3        40700        0.56   1        0        40700       40700.00    0.00        40700.00   
  26       2024606      1        2        39840        0.55   1        0        39840       39840.00    0.00        39840.00   
  27       2024367      1        2        39072        0.54   1        0        39072       39072.00    0.00        39072.00   
  28       2017456      1        3        38096        0.53   1        0        38096       38096.00    0.00        38096.00   
  29       2024771      1        1        37192        0.51   1        0        37192       37192.00    0.00        37192.00   
  30       2020496      1        2        36648        0.51   1        0        36648       36648.00    0.00        36648.00   
  31       2014303      1        2        35948        0.50   1        0        35948       35948.00    0.00        35948.00   
  32       2024758      1        4        35816        0.49   1        0        35816       35816.00    0.00        35816.00   
  33       2008377      1        5        35672        0.49   1        0        35672       35672.00    0.00        35672.00   
  34       2014701      1        12       79172        1.09   6        0        35412       13195.33    0.00        13195.33   
  35       2019141      1        3        35404        0.49   1        0        35404       35404.00    0.00        35404.00   
  36       2021531      1        2        34212        0.47   1        0        34212       34212.00    0.00        34212.00   
  37       2015877      1        6        34188        0.47   1        0        34188       34188.00    0.00        34188.00   
  38       2009549      1        6        34144        0.47   1        0        34144       34144.00    0.00        34144.00   
  39       2020295      1        6        32940        0.45   1        0        32940       32940.00    0.00        32940.00   
  40       2019500      1        2        32616        0.45   1        0        32616       32616.00    0.00        32616.00   
  41       2017261      1        3        32592        0.45   1        0        32592       32592.00    0.00        32592.00   
  42       2020181      1        8        31908        0.44   1        0        31908       31908.00    0.00        31908.00   
  43       2020964      1        2        31868        0.44   1        0        31868       31868.00    0.00        31868.00   
  44       2017948      1        2        31408        0.43   1        0        31408       31408.00    0.00        31408.00   
  45       2021399      1        3        30840        0.43   1        0        30840       30840.00    0.00        30840.00   
  46       2012707      1        5        29260        0.40   1        0        29260       29260.00    0.00        29260.00   
  47       2007592      1        7        27816        0.38   1        0        27816       27816.00    0.00        27816.00   
  48       2019501      1        2        26556        0.37   1        0        26556       26556.00    0.00        26556.00   
  49       2022502      1        4        26336        0.36   1        0        26336       26336.00    0.00        26336.00   
  50       2019230      1        2        59924        0.83   4        0        26028       14981.00    0.00        14981.00   
  51       2024178      1        2        25912        0.36   1        0        25912       25912.00    0.00        25912.00   
  52       2003492      1        30       25784        0.36   1        0        25784       25784.00    0.00        25784.00   
  53       2016223      1        10       25716        0.35   1        0        25716       25716.00    0.00        25716.00   
  54       2022543      1        1        50968        0.70   2        0        25704       25484.00    0.00        25484.00   
  55       2020705      1        4        25592        0.35   1        0        25592       25592.00    0.00        25592.00   
  56       2012249      1        4        24940        0.34   1        0        24940       24940.00    0.00        24940.00   
  57       2019378      1        12       24888        0.34   1        0        24888       24888.00    0.00        24888.00   
  58       2024513      1        5        23884        0.33   1        0        23884       23884.00    0.00        23884.00   
  59       2014967      1        3        23880        0.33   1        0        23880       23880.00    0.00        23880.00   
  60       2014703      1        9        60004        0.83   6        0        23772       10000.67    0.00        10000.67   
  61       2014702      1        9        55584        0.77   6        0        22496       9264.00     0.00        9264.00    
  62       2013791      1        2        6404         0.09   1        0        6404        6404.00     0.00        6404.00    
  63       2008120      1        4        28480        0.39   6        0        6052        4746.67     0.00        4746.67    
  64       2010142      1        4        38944        0.54   10       0        5636        3894.40     0.00        3894.40    
  65       2008116      1        4        10872        0.15   2        0        5628        5436.00     0.00        5436.00    
  66       2009243      1        2        23128        0.32   5        0        5580        4625.60     0.00        4625.60    
  67       2010143      1        3        42824        0.59   10       0        5540        4282.40     0.00        4282.40    
  68       2023622      1        3        33716        0.47   8        0        5516        4214.50     0.00        4214.50    
  69       2023627      1        3        25108        0.35   6        0        5416        4184.67     0.00        4184.67    
  70       2023626      1        3        32996        0.46   8        0        5384        4124.50     0.00        4124.50    
  71       2025200      1        1        20044        0.28   4        0        5380        5011.00     0.00        5011.00    
  72       2010140      1        7        40724        0.56   10       0        5140        4072.40     0.00        4072.40    
  73       2023618      1        3        19680        0.27   5        0        5124        3936.00     0.00        3936.00    
  74       2019017      1        3        9512         0.13   2        0        5092        4756.00     0.00        4756.00    
  75       2008118      1        3        21556        0.30   5        0        4988        4311.20     0.00        4311.20    
  76       2023617      1        3        23276        0.32   6        0        4980        3879.33     0.00        3879.33    
  77       2023625      1        3        19944        0.28   5        0        4948        3988.80     0.00        3988.80    
  78       2013739      1        15       8976         0.12   2        0        4936        4488.00     0.00        4488.00    
  79       2023616      1        3        24652        0.34   6        0        4796        4108.67     0.00        4108.67    
  80       2023612      1        4        16636        0.23   4        0        4768        4159.00     0.00        4159.00    
  81       2023614      1        3        16576        0.23   4        0        4740        4144.00     0.00        4144.00    
  82       2100518      1        8        8680         0.12   2        0        4672        4340.00     0.00        4340.00    
  83       2023624      1        3        37500        0.52   10       0        4664        3750.00     0.00        3750.00    
  84       2008420      1        4        8620         0.12   2        0        4620        4310.00     0.00        4310.00    
  85       2019010      1        3        8760         0.12   2        0        4596        4380.00     0.00        4380.00    
  86       2008117      1        3        7716         0.11   2        0        4576        3858.00     0.00        3858.00    
  87       2023623      1        3        24160        0.33   6        0        4568        4026.67     0.00        4026.67    
  88       2023619      1        3        22348        0.31   6        0        4472        3724.67     0.00        3724.67    
  89       2023621      1        4        11520        0.16   3        0        4360        3840.00     0.00        3840.00    
  90       2019490      1        3        4276         0.06   1        0        4276        4276.00     0.00        4276.00    
  91       2013075      1        8        7152         0.10   2        0        4244        3576.00     0.00        3576.00    
  92       2021584      1        4        4204         0.06   1        0        4204        4204.00     0.00        4204.00    
  93       2100540      1        12       7580         0.10   2        0        4156        3790.00     0.00        3790.00    
  94       2008119      1        3        4092         0.06   1        0        4092        4092.00     0.00        4092.00    
  95       2023620      1        3        4092         0.06   1        0        4092        4092.00     0.00        4092.00    
  96       2023615      1        3        6920         0.10   2        0        4072        3460.00     0.00        3460.00    
  97       2011037      1        5        3984         0.05   1        0        3984        3984.00     0.00        3984.00    
  98       2018067      1        3        3908         0.05   1        0        3908        3908.00     0.00        3908.00    
  99       2014704      1        7        3884         0.05   1        0        3884        3884.00     0.00        3884.00    
  100      2100540      1        12       7484         0.10   2        0        3852        3742.00     0.00        3742.00    
  101      2017971      1        10       3788         0.05   1        0        3788        3788.00     0.00        3788.00    
  102      2102523      1        8        3620         0.05   1        0        3620        3620.00     0.00        3620.00    
  103      2102523      1        8        3620         0.05   1        0        3620        3620.00     0.00        3620.00    
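The rule-profiling table above is the input a detection engineer uses to decide which signatures to tune or disable. The following Python is an added example (not part of this report or of Suricata) that parses rows in this format, sanity-checks each row against its own averages, and ranks the rules that were evaluated but never alerted by the ticks they burned. The column names are Suricata 4.0's rule_perf.log header, which sits above this excerpt; the eight sample rows are copied from the table, and the last row (sid 1000001) is constructed to show a rule that did match.

```python
"""Triage Suricata rule-profiling output (rule_perf.log) for tuning candidates.

Added example, not part of the report on this page. Suricata prints one row per
signature with the columns Num, Rule (sid), Gid, Rev, Ticks, %, Checks, Matches,
Max Ticks, Avg Ticks, Avg Match and Avg No Match (that header sits above this
excerpt). Ticks are CPU cycles, so they only compare within one run on one host.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: header in Suricata 4.0's layout, eight rows copied from the table
# above, plus one constructed row (sid 1000001, local-rules range) that did match.
SAMPLE = """\
  Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks    Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ------------ ----------- ----------- --------------
  34       2014701      1        12       79172        1.09   6        0        35412       13195.33    0.00        13195.33
  50       2019230      1        2        59924        0.83   4        0        26028       14981.00    0.00        14981.00
  54       2022543      1        1        50968        0.70   2        0        25704       25484.00    0.00        25484.00
  60       2014703      1        9        60004        0.83   6        0        23772       10000.67    0.00        10000.67
  61       2014702      1        9        55584        0.77   6        0        22496       9264.00     0.00        9264.00
  64       2010142      1        4        38944        0.54   10       0        5636        3894.40     0.00        3894.40
  67       2010143      1        3        42824        0.59   10       0        5540        4282.40     0.00        4282.40
  83       2023624      1        3        37500        0.52   10       0        4664        3750.00     0.00        3750.00
  104      1000001      1        1        25000        0.35   5        5        6000        5000.00     5000.00     0.00
"""

# Exactly twelve numeric fields: banners, the header and the dashed separator never match.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)"
                    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s+(\d+\.\d+)\s*$")


@dataclass(frozen=True)
class RuleProfile:
    num: int
    sid: int
    gid: int
    rev: int
    ticks: int
    pct: float
    checks: int
    matches: int
    max_ticks: int
    avg_ticks: float
    avg_match: float
    avg_nomatch: float

    @property
    def wasted_ticks(self) -> float:
        """Ticks spent on evaluations that did not produce an alert."""
        return self.avg_nomatch * (self.checks - self.matches)


def parse_rule_perf(text: str) -> list[RuleProfile]:
    """One RuleProfile per data row; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        f = m.groups()
        rows.append(RuleProfile(int(f[0]), int(f[1]), int(f[2]), int(f[3]), int(f[4]),
                                float(f[5]), int(f[6]), int(f[7]), int(f[8]),
                                float(f[9]), float(f[10]), float(f[11])))
    return rows


def consistency_errors(rows: list[RuleProfile]) -> list[RuleProfile]:
    """Rows whose Avg Ticks disagrees with Ticks / Checks, or whose Max exceeds Ticks.

    Avg Ticks is printed to two decimals, so a difference above 0.01 means the
    line was wrapped, truncated or mis-parsed rather than merely rounded."""
    bad = []
    for r in rows:
        bad_avg = r.checks and abs(r.ticks / r.checks - r.avg_ticks) > 0.01
        if bad_avg or r.max_ticks > r.ticks:
            bad.append(r)
    return bad


def tuning_candidates(rows: list[RuleProfile], min_checks: int = 2) -> list[RuleProfile]:
    """Rules evaluated at least min_checks times that never alerted, most expensive first.

    Every tick these rules consumed went into proving a negative. A Max Ticks far
    above Avg Ticks points at one expensive buffer rather than a uniformly slow rule."""
    cands = [r for r in rows if r.matches == 0 and r.checks >= min_checks]
    return sorted(cands, key=lambda r: r.wasted_ticks, reverse=True)


def wasted_share(rows: list[RuleProfile]) -> float:
    """Percent of profiled rule ticks (the % column) spent by never-matching rules."""
    return round(sum(r.pct for r in tuning_candidates(rows)), 2)


if __name__ == "__main__":
    profiles = parse_rule_perf(SAMPLE)
    for r in tuning_candidates(profiles)[:5]:
        print(f"sid {r.sid} rev {r.rev}: {r.checks} checks, 0 matches, "
              f"{r.ticks} ticks (max {r.max_ticks}, avg {r.avg_ticks:.0f})")
    print(f"never-matching rules: {wasted_share(profiles)}% of profiled ticks")
```

Run it against a full rule_perf.log by reading the file into `parse_rule_perf`; the consistency check is worth keeping in any pipeline that ingests these logs, since a wrapped or truncated row silently changes the ranking.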


keyword_perf.log - (8425 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/17/2018 -- 18:47:22
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             225920          54              54              14612           4183.00         4183.00         0.00           
  content          1234920         94              63              748524          13137.00        5429.00         28801.00       
  pcre             1009328         18              0               785592          56073.00        0.00            56073.00       
  byte_test        107300          18              8               30104           5961.00         8339.00         4058.00        
  isdataat         9372            2               0               4704            4686.00         0.00            4686.00        
  flowbits         17208           3               2               6612            5736.00         6462.00         4284.00        
  urilen           50728           13              9               5132            3902.00         4008.00         3664.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             225920          54              54              14612           4183.00         4183.00         0.00           
  flowbits         4284            1               0               4284            4284.00         0.00            4284.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          122080          16              13              43716           7630.00         8274.00         4838.00        
  byte_test        107300          18              8               30104           5961.00         8339.00         4058.00        
  isdataat         9372            2               0               4704            4686.00         0.00            4686.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         12924           2               2               6612            6462.00         6462.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          223812          44              31              8024            5086.00         4756.00         5872.00        
  pcre             1009328         18              0               785592          56073.00        0.00            56073.00       
  urilen           50728           13              9               5132            3902.00         4008.00         3664.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5228            1               0               5228            5228.00         0.00            5228.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86348           19              16              8408            4544.00         4625.00         4112.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          761892          4               1               748524          190473.00       4108.00         252594.00      
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12928           4               0               3496            3232.00         0.00            3232.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          22632           6               2               4880            3772.00         4468.00         3424.00        
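keyword_perf.log reports the same ticks twice: once under "Stats for: total" and once under the buffer the keyword ran against, so the sections must not simply be summed. The Python below is an added example (not part of this report or of Suricata) that parses the sectioned format, attributes ticks to each inspected buffer while skipping the aggregate section, and flags keyword/buffer pairs where a single check accounted for most of the cost. The embedded sample copies the "total", "http_uri" and "http_header_names" sections from the log above.

```python
"""Attribute Suricata keyword-profiling ticks (keyword_perf.log) to the buffer
they were spent in.

Added example, not part of the report on this page. The sample copies the
"total", "http_uri" and "http_header_names" sections of the keyword_perf.log
above. "total" aggregates every other section, so it is excluded from sums.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

SAMPLE = """\
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             225920          54              54              14612           4183.00         4183.00         0.00
  content          1234920         94              63              748524          13137.00        5429.00         28801.00
  pcre             1009328         18              0               785592          56073.00        0.00            56073.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  content          223812          44              31              8024            5086.00         4756.00         5872.00
  pcre             1009328         18              0               785592          56073.00        0.00            56073.00
  urilen           50728           13              9               5132            3902.00         4008.00         3664.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  content          761892          4               1               748524          190473.00       4108.00         252594.00
"""


@dataclass(frozen=True)
class KeywordStat:
    section: str      # buffer the keyword ran against, or "total"
    keyword: str
    ticks: int
    checks: int
    matches: int
    max_ticks: int
    avg: float
    avg_match: float
    avg_nomatch: float

    @property
    def max_share(self) -> float:
        """Fraction of this keyword's ticks spent in its single most expensive check."""
        return self.max_ticks / self.ticks if self.ticks else 0.0


def parse_keyword_perf(text: str) -> list[KeywordStat]:
    section = None
    stats = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Stats for:"):
            section = line.split(":", 1)[1].strip()
            continue
        parts = line.split()
        # Data rows have exactly 8 fields with a numeric second field; the header
        # splits into 12 words and the dashed separators fail the digit test.
        if section is None or len(parts) != 8 or not parts[1].isdigit():
            continue
        stats.append(KeywordStat(section, parts[0], int(parts[1]), int(parts[2]), int(parts[3]),
                                 int(parts[4]), float(parts[5]), float(parts[6]), float(parts[7])))
    return stats


def ticks_by_buffer(stats: list[KeywordStat]) -> dict[str, int]:
    """Total ticks per inspected buffer, skipping the aggregate 'total' section."""
    totals: dict[str, int] = defaultdict(int)
    for s in stats:
        if s.section != "total":
            totals[s.section] += s.ticks
    return dict(totals)


def single_check_outliers(stats: list[KeywordStat], share: float = 0.5) -> list[KeywordStat]:
    """Keyword/buffer pairs where one evaluation cost at least `share` of all their ticks.

    That pattern means one expensive input, not a keyword that is slow on every
    check, so the remedy is a tighter anchor or depth limit, not dropping the keyword."""
    return [s for s in stats if s.section != "total" and s.checks > 1 and s.max_share >= share]


def never_matched(stats: list[KeywordStat]) -> list[KeywordStat]:
    """Keywords that were checked but never matched, most expensive first."""
    hits = [s for s in stats if s.section != "total" and s.checks and s.matches == 0]
    return sorted(hits, key=lambda s: s.ticks, reverse=True)


if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE)
    for buf, ticks in sorted(ticks_by_buffer(stats).items(), key=lambda kv: -kv[1]):
        print(f"{buf:20s} {ticks:>10d} ticks")
    for s in single_check_outliers(stats):
        print(f"outlier: {s.keyword} on {s.section}: one check = {s.max_share:.0%} of {s.ticks} ticks")
    for s in never_matched(stats):
        print(f"no match: {s.keyword} on {s.section}: {s.checks} checks, {s.ticks} ticks")
```

On the sample, the two outliers are pcre on http_uri (one of 18 checks accounts for roughly three quarters of its ticks) and content on http_header_names (one of 4 checks accounts for almost all of them), which is the kind of signal that points at a specific rule's buffer rather than at the keyword in general.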


suricata-report-2018-08-17-T-18-47-22-08172018.1847-merged.pcap.txt - (17954 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fbb1cbc7a611e51f35475592fb9a5622d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08172018.1847-merged.pcap -vvv -k none
elapsedtime:12.659300
stderr:
stdout:
17/8/2018 -- 18:47:09 - <Info> - Configuration node 'rule-files' redefined.
17/8/2018 -- 18:47:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/8/2018 -- 18:47:09 - <Info> - CPUs/cores online: 1
17/8/2018 -- 18:47:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31954 and 'request-body-inspect-window' set to 16017 after randomization.
17/8/2018 -- 18:47:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31147 and 'response-body-inspect-window' set to 16420 after randomization.
17/8/2018 -- 18:47:09 - <Config> - DNS request flood protection level: 500
17/8/2018 -- 18:47:09 - <Config> - DNS per flow memcap (state-memcap): 524288
17/8/2018 -- 18:47:09 - <Config> - DNS global memcap: 16777216
17/8/2018 -- 18:47:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/8/2018 -- 18:47:09 - <Config> - preallocated 1000 hosts of size 136
17/8/2018 -- 18:47:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/8/2018 -- 18:47:09 - <Config> - using magic-file /usr/share/file/magic
17/8/2018 -- 18:47:09 - <Config> - Core dump size is unlimited.
17/8/2018 -- 18:47:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/8/2018 -- 18:47:09 - <Config> - preallocated 1000 defrag trackers of size 168
17/8/2018 -- 18:47:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/8/2018 -- 18:47:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/8/2018 -- 18:47:09 - <Config> - stream "memcap": 33554432
17/8/2018 -- 18:47:09 - <Config> - stream "midstream" session pickups: disabled
17/8/2018 -- 18:47:09 - <Config> - stream "async-oneside": disabled
17/8/2018 -- 18:47:09 - <Config> - stream "checksum-validation": disabled
17/8/2018 -- 18:47:09 - <Config> - stream."inline": disabled
17/8/2018 -- 18:47:09 - <Config> - stream "bypass": disabled
17/8/2018 -- 18:47:09 - <Config> - stream "max-synack-queued": 5
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly "memcap": 134217728
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly "depth": 0
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly "toserver-chunk-size": 2599
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly "toclient-chunk-size": 2594
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly.raw: enabled
17/8/2018 -- 18:47:09 - <Config> - stream.reassembly "segment-prealloc": 2048
17/8/2018 -- 18:47:09 - <Config> - Delayed detect disabled
17/8/2018 -- 18:47:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/8/2018 -- 18:47:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/8/2018 -- 18:47:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/8/2018 -- 18:47:09 - <Config> - prefilter engines: MPM
17/8/2018 -- 18:47:09 - <Config> - IP reputation disabled
17/8/2018 -- 18:47:09 - <Perf> - Registered 148 keyword profiling counters.
17/8/2018 -- 18:47:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
17/8/2018 -- 18:47:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
17/8/2018 -- 18:47:09 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
17/8/2018 -- 18:47:12 - <Config> - No rules loaded from ET-emerging-icmp.rules.
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
17/8/2018 -- 18:47:12 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
17/8/2018 -- 18:47:13 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
17/8/2018 -- 18:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
17/8/2018 -- 18:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
17/8/2018 -- 18:47:14 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
17/8/2018 -- 18:47:17 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
17/8/2018 -- 18:47:18 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
17/8/2018 -- 18:47:18 - <Config> - No rules loaded from local.rules.
17/8/2018 -- 18:47:18 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
17/8/2018 -- 18:47:18 - <Info> - Threshold config parsed: 0 rule(s) found
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tcp-packet
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tcp-stream
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for udp-packet
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for other-ip
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_uri
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_request_line
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_client_body
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_response_line
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_header
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_header
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_header_names
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_header_names
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_accept
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_accept_enc
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_accept_lang
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_referer
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_connection
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_content_len
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_content_len
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_content_type
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_content_type
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_protocol
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_protocol
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_start
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_start
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_raw_header
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_raw_header
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_method
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_cookie
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_cookie
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_raw_uri
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_user_agent
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_host
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_raw_host
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_stat_msg
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_stat_code
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for dns_query
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tls_sni
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for dce_stub_data
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for dce_stub_data
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for ssh_protocol
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for ssh_protocol
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for ssh_software
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for ssh_software
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for file_data
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for file_data
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_request_line
17/8/2018 -- 18:47:18 - <Perf> - using shared mpm ctx' for http_response_line
17/8/2018 -- 18:47:18 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
17/8/2018 -- 18:47:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/8/2018 -- 18:47:18 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
17/8/2018 -- 18:47:18 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
17/8/2018 -- 18:47:18 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
17/8/2018 -- 18:47:18 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
17/8/2018 -- 18:47:18 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
17/8/2018 -- 18:47:18 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/8/2018 -- 18:47:20 - <Perf> - Unique rule groups: 111
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toserver TCP packet": 31
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toclient TCP packet": 20
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toserver TCP stream": 31
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toclient TCP stream": 21
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toserver UDP packet": 33
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "toclient UDP packet": 15
17/8/2018 -- 18:47:20 - <Perf> - Builtin MPM "other IP packet": 2
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_uri": 8
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_header": 6
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_header": 3
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_header_names": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_start": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_method": 3
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver http_host": 2
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver tls_sni": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toserver file_data": 1
17/8/2018 -- 18:47:20 - <Perf> - AppLayer MPM "toclient file_data": 5
17/8/2018 -- 18:47:21 - <Perf> - Registered 18241 rule profiling counters.
17/8/2018 -- 18:47:21 - <Info> - fast output device (regular) initialized: alert
17/8/2018 -- 18:47:21 - <Info> - eve-log output device (regular) initialized: eve.json
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'alert'
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'http'
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'dns'
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'tls'
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'files'
17/8/2018 -- 18:47:21 - <Config> - enabling 'eve-log' module 'ssh'
17/8/2018 -- 18:47:21 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/8/2018 -- 18:47:21 - <Info> - stats 

This file has been truncated.


IDSDeathBlossom.py.log - (1149 bytes)
2018-08-17 18:47:08,169 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-08-17 18:47:09,558 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-08-17 18:47:09,559 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-08-17 18:47:09,560 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-08-17 18:47:09,560 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-08-17 18:47:09,560 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fbb1cbc7a611e51f35475592fb9a5622d2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08172018.1847-merged.pcap -vvv -k none
2018-08-17 18:47:22,223 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-08-17 18:47:22,224 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 14.0738050938