Bug #2858 » alert-debug.log

Suricata's alert-debug.log - spencer walden, 08/29/2019 10:17 PM

+================
TIME: 03/01/2019-01:13:39.800519
PCAP PKT NUM: 59
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388884
TCP ACK: 1197728138
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 5
FLOW PKTS TOSRC: 5
FLOW Total Bytes: 832
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 69
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 37 C8 09 40 00 40 06 1A 6B AC 1C 80 09 AC 1C .7..@.@. .k......
0020 80 0A 1F 90 C5 EA C9 11 D4 54 47 63 E1 8A 80 18 ........ .TGc....
0030 00 E3 E4 B5 00 00 01 01 08 0A 00 CC 1F 58 00 CB ........ .....X..
0040 F5 9A 6C 73 0A ..ls.
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check ls
ALERT GID [00]: 1
ALERT SID [00]: 6
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 3
PAYLOAD:
0000 6C 73 0A ls.
+================
TIME: 03/01/2019-01:13:40.657199
PCAP PKT NUM: 71
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388887
TCP ACK: 1197728219
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 11
FLOW PKTS TOSRC: 11
FLOW Total Bytes: 1709
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 70
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 38 C8 0F 40 00 40 06 1A 64 AC 1C 80 09 AC 1C .8..@.@. .d......
0020 80 0A 1F 90 C5 EA C9 11 D4 57 47 63 E1 DB 80 18 ........ .WGc....
0030 00 E3 82 77 00 00 01 01 08 0A 00 CC 20 2E 00 CB ...w.... .... ...
0040 F8 9F 70 77 64 0A ..pwd.
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check pwd
ALERT GID [00]: 1
ALERT SID [00]: 4
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 4
PAYLOAD:
0000 70 77 64 0A pwd.
+================
TIME: 03/01/2019-01:13:46.657290
PCAP PKT NUM: 82
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388891
TCP ACK: 1197728275
FLOW: to_server: FALSE, to_client: TRUE
FLOW Start TS: 03/01/2019-01:13:36.705786
FLOW PKTS TODST: 14
FLOW PKTS TOSRC: 15
FLOW Total Bytes: 2234
FLOW IPONLY SET: TOSERVER: TRUE, TOCLIENT: TRUE
FLOW ACTION: DROP: FALSE
FLOW NOINSPECTION: PACKET: FALSE, PAYLOAD: FALSE, APP_LAYER: FALSE
FLOW APP_LAYER: DETECTED: FALSE, PROTO 0
PACKET LEN: 73
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 3B C8 13 40 00 40 06 1A 5D AC 1C 80 09 AC 1C .;..@.@. .]......
0020 80 0A 1F 90 C5 EA C9 11 D4 5B 47 63 E2 13 80 18 ........ .[Gc....
0030 00 E3 F1 D4 00 00 01 01 08 0A 00 CC 26 0A 00 CB ........ ....&...
0040 F9 75 77 68 6F 61 6D 69 0A .uwhoami .
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check whoami
ALERT GID [00]: 1
ALERT SID [00]: 5
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 7
PAYLOAD:
0000 77 68 6F 61 6D 69 0A whoami.
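Added example, not part of the attachment and not Suricata code: a small Python parser for the alert-debug.log format shown above. It rebuilds the PACKET and PAYLOAD bytes from the hex dumps and cross-checks the fields Suricata printed (addresses, ports, SEQ/ACK, lengths, ALERT CNT) against what the raw frame actually encodes, which is the first thing to do when a debug log like this is attached to a bug report. The SAMPLE string is the first record above with its FLOW lines left out; the frame is assumed to be Ethernet/IPv4/TCP (true of every record here), and the PAYLOAD comparison is applied only to alerts reported as FOUND IN: PACKET, because a STREAM alert's payload is reassembled data rather than the segment's own bytes.

```python
"""Parse Suricata alert-debug.log records and cross-check the printed header
fields against the raw PACKET hex dump. SAMPLE is the first record of the
attachment above, copied verbatim except that the FLOW lines are omitted."""
import re

SAMPLE = r"""+================
TIME: 03/01/2019-01:13:39.800519
PCAP PKT NUM: 59
PKT SRC: wire/pcap
SRC IP: 172.28.128.9
DST IP: 172.28.128.10
PROTO: 6
SRC PORT: 8080
DST PORT: 50666
TCP SEQ: 3373388884
TCP ACK: 1197728138
PACKET LEN: 69
PACKET:
0000 08 00 27 59 7D D1 08 00 27 5C B3 68 08 00 45 00 ..'Y}... '\.h..E.
0010 00 37 C8 09 40 00 40 06 1A 6B AC 1C 80 09 AC 1C .7..@.@. .k......
0020 80 0A 1F 90 C5 EA C9 11 D4 54 47 63 E1 8A 80 18 ........ .TGc....
0030 00 E3 E4 B5 00 00 01 01 08 0A 00 CC 1F 58 00 CB ........ .....X..
0040 F5 9A 6C 73 0A ..ls.
ALERT CNT: 1
ALERT MSG [00]: EXAMPLE No App Layer Protocol Check ls
ALERT GID [00]: 1
ALERT SID [00]: 6
ALERT REV [00]: 1
ALERT CLASS [00]: Misc activity
ALERT PRIO [00]: 3
ALERT FOUND IN [00]: PACKET
ALERT IN TX [00]: N/A
PAYLOAD LEN: 3
PAYLOAD:
0000 6C 73 0A ls.
"""

def parse_hexdump(rows, total_len):
    """Rebuild bytes from dump rows; the byte count per row is derived from the
    offset and total length, since the ASCII column can look like hex pairs."""
    data = bytearray()
    for row in rows:
        toks = row.split()
        n = min(16, total_len - int(toks[0], 16))
        data.extend(int(t, 16) for t in toks[1:1 + n])
    return bytes(data)

def parse_records(text):
    """One dict per record; 'ALERT X [nn]' lines are grouped under rec['alerts']."""
    records = []
    for chunk in text.split("+================"):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        rec, i = {"alerts": []}, 0
        while i < len(lines):
            key, sep, value = (s.strip() for s in lines[i].partition(":"))
            i += 1
            if key in ("PACKET", "PAYLOAD") and not value:  # a hex dump follows
                rows = []
                while i < len(lines) and re.match(r"[0-9A-Fa-f]{4} ", lines[i]):
                    rows.append(lines[i])
                    i += 1
                rec[key] = parse_hexdump(rows, int(rec[key + " LEN"]))
            elif m := re.fullmatch(r"ALERT (\w+(?: \w+)?) \[(\d+)\]", key):
                idx = int(m.group(2))
                rec["alerts"].extend({} for _ in range(idx + 1 - len(rec["alerts"])))
                rec["alerts"][idx][m.group(1)] = value
            elif sep:
                rec[key] = value
        if lines:
            records.append(rec)
    return records

def check_record(rec):
    """Mismatches between printed fields and raw bytes (Ethernet/IPv4/TCP assumed,
    as in the attachment); an empty list means the record is self-consistent."""
    pkt, out = rec["PACKET"], []
    ip = pkt[14:]
    tcp = ip[(ip[0] & 0x0F) * 4:]
    decoded = {
        "PACKET LEN": len(pkt),
        "PROTO": ip[9],
        "SRC IP": ".".join(map(str, ip[12:16])),
        "DST IP": ".".join(map(str, ip[16:20])),
        "SRC PORT": int.from_bytes(tcp[0:2], "big"),
        "DST PORT": int.from_bytes(tcp[2:4], "big"),
        "TCP SEQ": int.from_bytes(tcp[4:8], "big"),
        "TCP ACK": int.from_bytes(tcp[8:12], "big"),
        "ALERT CNT": len(rec["alerts"]),
    }
    # PAYLOAD equals the segment data only for PACKET-scope alerts; a STREAM
    # alert's payload is reassembled data, so the comparison is skipped then.
    if all(a.get("FOUND IN") == "PACKET" for a in rec["alerts"]):
        data = tcp[(tcp[12] >> 4) * 4:]
        decoded["PAYLOAD LEN"] = len(data)
        if data != rec["PAYLOAD"]:
            out.append("PAYLOAD dump differs from the TCP data inside PACKET")
    for name, val in decoded.items():
        if str(val) != rec.get(name):
            out.append(f"{name}: printed {rec.get(name)!r}, packet says {val}")
    return out
```

To run it over a real capture, feed the whole file to parse_records(open("alert-debug.log").read()) and print check_record() for each record; for the three records above every check comes back empty, and the TCP SEQ values advance by exactly the previous record's PAYLOAD LEN (3, then 4), which is the quick way to confirm the dumps belong to one uninterrupted server-to-client stream.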