1/4/2014 -- 14:46:37 - - This is Suricata version 2.0 RELEASE
1/4/2014 -- 14:46:37 - - CPUs/cores online: 8
1/4/2014 -- 14:46:37 - - Live rule reloads enabled
1/4/2014 -- 14:46:37 - - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
1/4/2014 -- 14:46:37 - - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 4218 after randomization.
1/4/2014 -- 14:46:37 - - [ERRCODE: SC_ERR_DNS_CONFIG(239)] - no DNS UDP config found, enabling DNS detection on port 53.
1/4/2014 -- 14:46:37 - - DNS request flood protection level: 500
1/4/2014 -- 14:46:37 - - DNS per flow memcap (state-memcap): 524288
1/4/2014 -- 14:46:37 - - DNS global memcap: 16777216
1/4/2014 -- 14:46:37 - - [ERRCODE: SC_ERR_DNS_CONFIG(239)] - no DNS TCP config found, enabling DNS detection on port 53.
1/4/2014 -- 14:46:37 - - No 'host-mode': suricata is in IDS mode, using default setting 'sniffer-only'
1/4/2014 -- 14:46:37 - - AutoFP mode using default "Active Packets" flow load balancer
1/4/2014 -- 14:46:37 - - preallocated 5000 packets. Total memory 17410000
1/4/2014 -- 14:46:37 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
1/4/2014 -- 14:46:37 - - preallocated 1000 hosts of size 112
1/4/2014 -- 14:46:37 - - host memory usage: 390144 bytes, maximum: 16777216
1/4/2014 -- 14:46:37 - - IP reputation disabled
1/4/2014 -- 14:46:37 - - using magic-file /usr/share/file/magic
1/4/2014 -- 14:46:37 - - Delayed detect disabled
1/4/2014 -- 14:46:39 - - [ERRCODE: SC_ERR_NO_RULES(42)] - No rules loaded from /etc/suricata/rules/etpro-icmp.rules
1/4/2014 -- 14:46:39 - - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/etpro-http-events.rules: No such file or directory.
1/4/2014 -- 14:46:39 - - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening rule file /etc/suricata/rules/etpro-smtp-events.rules: No such file or directory.
1/4/2014 -- 14:46:40 - - 34 rule files processed. 12969 rules successfully loaded, 0 rules failed
1/4/2014 -- 14:46:40 - - 12977 signatures processed. 7 are IP-only rules, 5929 are inspecting packet payload, 9160 inspect application layer, 72 are decoder event only
1/4/2014 -- 14:46:40 - - building signature grouping structure, stage 1: preprocessing rules... complete
1/4/2014 -- 14:46:40 - - building signature grouping structure, stage 2: building source address list... complete
1/4/2014 -- 14:46:49 - - building signature grouping structure, stage 3: building destination address lists... complete
1/4/2014 -- 14:46:50 - - Threshold config parsed: 0 rule(s) found
1/4/2014 -- 14:46:50 - - Core dump size set to unlimited.
1/4/2014 -- 14:46:50 - - all 0 packet processing threads, 0 management threads initialized, engine started.
1/4/2014 -- 14:47:10 - - Unix socket: client version: "0.1"
1/4/2014 -- 14:47:10 - - Unix socket: client connected
1/4/2014 -- 14:47:16 - - Added file '/home/jjones/2014-03-04-Hello-EK-traffic.pcap' to list
1/4/2014 -- 14:47:16 - - Starting run for '/home/jjones/2014-03-04-Hello-EK-traffic.pcap'
1/4/2014 -- 14:47:16 - - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
1/4/2014 -- 14:47:16 - - preallocated 65535 defrag trackers of size 152
1/4/2014 -- 14:47:16 - - defrag memory usage: 10190696 bytes, maximum: 16777216
1/4/2014 -- 14:47:16 - - stream "prealloc-sessions": 2048 (per thread)
1/4/2014 -- 14:47:16 - - stream "memcap": 33554432
1/4/2014 -- 14:47:16 - - stream "midstream" session pickups: disabled
1/4/2014 -- 14:47:16 - - stream "async-oneside": disabled
1/4/2014 -- 14:47:16 - - stream "checksum-validation": disabled
1/4/2014 -- 14:47:16 - - stream."inline": disabled
1/4/2014 -- 14:47:16 - - stream "max-synack-queued": 5
1/4/2014 -- 14:47:16 - - stream.reassembly "memcap": 67108864
1/4/2014 -- 14:47:16 - - stream.reassembly "depth": 1048576
1/4/2014 -- 14:47:16 - - stream.reassembly "toserver-chunk-size": 2497
1/4/2014 -- 14:47:16 - - stream.reassembly "toclient-chunk-size": 2491
1/4/2014 -- 14:47:16 - - stream.reassembly.raw: enabled
1/4/2014 -- 14:47:16 - - segment pool: pktsize 4, prealloc 256
1/4/2014 -- 14:47:16 - - segment pool: pktsize 16, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 112, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 248, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 512, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 768, prealloc 1024
1/4/2014 -- 14:47:16 - - segment pool: pktsize 1448, prealloc 1024
1/4/2014 -- 14:47:16 - - segment pool: pktsize 65535, prealloc 128
1/4/2014 -- 14:47:16 - - stream.reassembly "chunk-prealloc": 250
1/4/2014 -- 14:47:16 - - fast output device (regular) initialized: fast.log
1/4/2014 -- 14:47:16 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2014 -- 14:47:16 - - http-log output device (regular) initialized: http.log
1/4/2014 -- 14:47:16 - - Syslog output initialized
1/4/2014 -- 14:47:16 - - reading pcap file /home/jjones/2014-03-04-Hello-EK-traffic.pcap
1/4/2014 -- 14:47:16 - - Added file '/home/jjones/AML-13657684.rsrc-59750657.dynamic.pcap' to list
1/4/2014 -- 14:47:16 - - pcap file end of file reached (pcap err code 0)
1/4/2014 -- 14:47:16 - - Added file '/home/jjones/AML-13685528.rsrc-60216130.dynamic.pcap' to list
1/4/2014 -- 14:47:16 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/4/2014 -- 14:47:16 - - Pcap-file module read 370 packets, 298928 bytes
1/4/2014 -- 14:47:16 - - AutoFP - Total flow handler queues - 12
1/4/2014 -- 14:47:16 - - AutoFP - Queue 0 - pkts: 2 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 1 - pkts: 17 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 2 - pkts: 18 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 3 - pkts: 21 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 4 - pkts: 2 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 5 - pkts: 2 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 6 - pkts: 2 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 7 - pkts: 18 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 8 - pkts: 288 flows: 1
1/4/2014 -- 14:47:16 - - AutoFP - Queue 9 - pkts: 0 flows: 0
1/4/2014 -- 14:47:16 - - AutoFP - Queue 10 - pkts: 0 flows: 0
1/4/2014 -- 14:47:16 - - AutoFP - Queue 11 - pkts: 0 flows: 0
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect1) Alerts 6
1/4/2014 -- 14:47:16 - - Alert unified2 module wrote 6 alerts
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 17 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect2) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 2 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 18 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect3) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 1 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 21 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect4) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 1 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect5) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect6) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect7) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 18 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect8) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 1 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 288 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect9) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 1 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect10) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect11) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:16 - - Fast log output wrote 6 alerts
1/4/2014 -- 14:47:16 - - (Detect12) Alerts 6
1/4/2014 -- 14:47:16 - - HTTP logger logged 0 requests
1/4/2014 -- 14:47:16 - - Starting run for '/home/jjones/AML-13657684.rsrc-59750657.dynamic.pcap'
1/4/2014 -- 14:47:16 - - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
1/4/2014 -- 14:47:16 - - preallocated 65535 defrag trackers of size 152
1/4/2014 -- 14:47:16 - - defrag memory usage: 10190696 bytes, maximum: 16777216
1/4/2014 -- 14:47:16 - - stream "prealloc-sessions": 2048 (per thread)
1/4/2014 -- 14:47:16 - - stream "memcap": 33554432
1/4/2014 -- 14:47:16 - - stream "midstream" session pickups: disabled
1/4/2014 -- 14:47:16 - - stream "async-oneside": disabled
1/4/2014 -- 14:47:16 - - stream "checksum-validation": disabled
1/4/2014 -- 14:47:16 - - stream."inline": disabled
1/4/2014 -- 14:47:16 - - stream "max-synack-queued": 5
1/4/2014 -- 14:47:16 - - stream.reassembly "memcap": 67108864
1/4/2014 -- 14:47:16 - - stream.reassembly "depth": 1048576
1/4/2014 -- 14:47:16 - - stream.reassembly "toserver-chunk-size": 2497
1/4/2014 -- 14:47:16 - - stream.reassembly "toclient-chunk-size": 2491
1/4/2014 -- 14:47:16 - - stream.reassembly.raw: enabled
1/4/2014 -- 14:47:16 - - segment pool: pktsize 4, prealloc 256
1/4/2014 -- 14:47:16 - - segment pool: pktsize 16, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 112, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 248, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 512, prealloc 512
1/4/2014 -- 14:47:16 - - segment pool: pktsize 768, prealloc 1024
1/4/2014 -- 14:47:16 - - segment pool: pktsize 1448, prealloc 1024
1/4/2014 -- 14:47:16 - - segment pool: pktsize 65535, prealloc 128
1/4/2014 -- 14:47:16 - - stream.reassembly "chunk-prealloc": 250
1/4/2014 -- 14:47:16 - - fast output device (regular) initialized: fast.log
1/4/2014 -- 14:47:16 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2014 -- 14:47:16 - - http-log output device (regular) initialized: http.log
1/4/2014 -- 14:47:16 - - Syslog output initialized
1/4/2014 -- 14:47:16 - - reading pcap file /home/jjones/AML-13657684.rsrc-59750657.dynamic.pcap
1/4/2014 -- 14:47:16 - - Added file '/home/jjones/AML-13694010.rsrc-60587531.dynamic.pcap' to list
1/4/2014 -- 14:47:16 - - pcap file end of file reached (pcap err code 0)
1/4/2014 -- 14:47:18 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/4/2014 -- 14:47:18 - - Pcap-file module read 34 packets, 16993 bytes
1/4/2014 -- 14:47:18 - - AutoFP - Total flow handler queues - 12
1/4/2014 -- 14:47:18 - - AutoFP - Queue 0 - pkts: 3 flows: 1
1/4/2014 -- 14:47:18 - - AutoFP - Queue 1 - pkts: 28 flows: 1
1/4/2014 -- 14:47:18 - - AutoFP - Queue 2 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 3 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 4 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 5 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 6 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 7 - pkts: 1 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 8 - pkts: 0 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 9 - pkts: 0 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 10 - pkts: 0 flows: 0
1/4/2014 -- 14:47:18 - - AutoFP - Queue 11 - pkts: 0 flows: 0
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 27 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:18 - - Starting run for '/home/jjones/AML-13685528.rsrc-60216130.dynamic.pcap'
1/4/2014 -- 14:47:18 - - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
1/4/2014 -- 14:47:18 - - preallocated 65535 defrag trackers of size 152
1/4/2014 -- 14:47:18 - - defrag memory usage: 10190696 bytes, maximum: 16777216
1/4/2014 -- 14:47:18 - - stream "prealloc-sessions": 2048 (per thread)
1/4/2014 -- 14:47:18 - - stream "memcap": 33554432
1/4/2014 -- 14:47:18 - - stream "midstream" session pickups: disabled
1/4/2014 -- 14:47:18 - - stream "async-oneside": disabled
1/4/2014 -- 14:47:18 - - stream "checksum-validation": disabled
1/4/2014 -- 14:47:18 - - stream."inline": disabled
1/4/2014 -- 14:47:18 - - stream "max-synack-queued": 5
1/4/2014 -- 14:47:18 - - stream.reassembly "memcap": 67108864
1/4/2014 -- 14:47:18 - - stream.reassembly "depth": 1048576
1/4/2014 -- 14:47:18 - - stream.reassembly "toserver-chunk-size": 2553
1/4/2014 -- 14:47:18 - - stream.reassembly "toclient-chunk-size": 2573
1/4/2014 -- 14:47:18 - - stream.reassembly.raw: enabled
1/4/2014 -- 14:47:18 - - segment pool: pktsize 4, prealloc 256
1/4/2014 -- 14:47:18 - - segment pool: pktsize 16, prealloc 512
1/4/2014 -- 14:47:18 - - segment pool: pktsize 112, prealloc 512
1/4/2014 -- 14:47:18 - - segment pool: pktsize 248, prealloc 512
1/4/2014 -- 14:47:18 - - segment pool: pktsize 512, prealloc 512
1/4/2014 -- 14:47:18 - - segment pool: pktsize 768, prealloc 1024
1/4/2014 -- 14:47:18 - - segment pool: pktsize 1448, prealloc 1024
1/4/2014 -- 14:47:18 - - segment pool: pktsize 65535, prealloc 128
1/4/2014 -- 14:47:18 - - stream.reassembly "chunk-prealloc": 250
1/4/2014 -- 14:47:18 - - fast output device (regular) initialized: fast.log
1/4/2014 -- 14:47:18 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2014 -- 14:47:18 - - http-log output device (regular) initialized: http.log
1/4/2014 -- 14:47:18 - - Syslog output initialized
1/4/2014 -- 14:47:18 - - reading pcap file /home/jjones/AML-13685528.rsrc-60216130.dynamic.pcap
1/4/2014 -- 14:47:18 - - Added file '/home/jjones/d8ee9cd4d89657117b199b99120a59e0.pcap' to list
1/4/2014 -- 14:47:18 - - pcap file end of file reached (pcap err code 0)
1/4/2014 -- 14:47:19 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/4/2014 -- 14:47:19 - - Pcap-file module read 17 packets, 1614 bytes
1/4/2014 -- 14:47:19 - - AutoFP - Total flow handler queues - 12
1/4/2014 -- 14:47:19 - - AutoFP - Queue 0 - pkts: 3 flows: 2
1/4/2014 -- 14:47:19 - - AutoFP - Queue 1 - pkts: 8 flows: 1
1/4/2014 -- 14:47:19 - - AutoFP - Queue 2 - pkts: 1 flows: 1
1/4/2014 -- 14:47:19 - - AutoFP - Queue 3 - pkts: 7 flows: 1
1/4/2014 -- 14:47:19 - - AutoFP - Queue 4 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 5 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 6 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 7 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 8 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 9 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 10 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - AutoFP - Queue 11 - pkts: 0 flows: 0
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 7 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:19 - - Starting run for '/home/jjones/AML-13694010.rsrc-60587531.dynamic.pcap'
1/4/2014 -- 14:47:19 - - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
1/4/2014 -- 14:47:19 - - preallocated 65535 defrag trackers of size 152
1/4/2014 -- 14:47:19 - - defrag memory usage: 10190696 bytes, maximum: 16777216
1/4/2014 -- 14:47:19 - - stream "prealloc-sessions": 2048 (per thread)
1/4/2014 -- 14:47:19 - - stream "memcap": 33554432
1/4/2014 -- 14:47:19 - - stream "midstream" session pickups: disabled
1/4/2014 -- 14:47:19 - - stream "async-oneside": disabled
1/4/2014 -- 14:47:19 - - stream "checksum-validation": disabled
1/4/2014 -- 14:47:19 - - stream."inline": disabled
1/4/2014 -- 14:47:19 - - stream "max-synack-queued": 5
1/4/2014 -- 14:47:19 - - stream.reassembly "memcap": 67108864
1/4/2014 -- 14:47:19 - - stream.reassembly "depth": 1048576
1/4/2014 -- 14:47:19 - - stream.reassembly "toserver-chunk-size": 2518
1/4/2014 -- 14:47:19 - - stream.reassembly "toclient-chunk-size": 2680
1/4/2014 -- 14:47:19 - - stream.reassembly.raw: enabled
1/4/2014 -- 14:47:19 - - segment pool: pktsize 4, prealloc 256
1/4/2014 -- 14:47:19 - - segment pool: pktsize 16, prealloc 512
1/4/2014 -- 14:47:19 - - segment pool: pktsize 112, prealloc 512
1/4/2014 -- 14:47:19 - - segment pool: pktsize 248, prealloc 512
1/4/2014 -- 14:47:19 - - segment pool: pktsize 512, prealloc 512
1/4/2014 -- 14:47:19 - - segment pool: pktsize 768, prealloc 1024
1/4/2014 -- 14:47:19 - - segment pool: pktsize 1448, prealloc 1024
1/4/2014 -- 14:47:19 - - segment pool: pktsize 65535, prealloc 128
1/4/2014 -- 14:47:19 - - stream.reassembly "chunk-prealloc": 250
1/4/2014 -- 14:47:19 - - fast output device (regular) initialized: fast.log
1/4/2014 -- 14:47:19 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2014 -- 14:47:19 - - http-log output device (regular) initialized: http.log
1/4/2014 -- 14:47:19 - - Syslog output initialized
1/4/2014 -- 14:47:19 - - reading pcap file /home/jjones/AML-13694010.rsrc-60587531.dynamic.pcap
1/4/2014 -- 14:47:19 - - pcap file end of file reached (pcap err code 0)
1/4/2014 -- 14:47:20 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/4/2014 -- 14:47:20 - - Pcap-file module read 22 packets, 3035 bytes
1/4/2014 -- 14:47:20 - - AutoFP - Total flow handler queues - 12
1/4/2014 -- 14:47:20 - - AutoFP - Queue 0 - pkts: 2 flows: 1
1/4/2014 -- 14:47:20 - - AutoFP - Queue 1 - pkts: 10 flows: 1
1/4/2014 -- 14:47:20 - - AutoFP - Queue 2 - pkts: 10 flows: 1
1/4/2014 -- 14:47:20 - - AutoFP - Queue 3 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 4 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 5 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 6 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 7 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 8 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 9 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 10 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - AutoFP - Queue 11 - pkts: 0 flows: 0
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 10 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 10 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:20 - - Starting run for '/home/jjones/d8ee9cd4d89657117b199b99120a59e0.pcap'
1/4/2014 -- 14:47:20 - - allocated 229376 bytes of memory for the defrag hash... 4096 buckets of size 56
1/4/2014 -- 14:47:20 - - preallocated 65535 defrag trackers of size 152
1/4/2014 -- 14:47:20 - - defrag memory usage: 10190696 bytes, maximum: 16777216
1/4/2014 -- 14:47:20 - - stream "prealloc-sessions": 2048 (per thread)
1/4/2014 -- 14:47:20 - - stream "memcap": 33554432
1/4/2014 -- 14:47:20 - - stream "midstream" session pickups: disabled
1/4/2014 -- 14:47:20 - - stream "async-oneside": disabled
1/4/2014 -- 14:47:20 - - stream "checksum-validation": disabled
1/4/2014 -- 14:47:20 - - stream."inline": disabled
1/4/2014 -- 14:47:20 - - stream "max-synack-queued": 5
1/4/2014 -- 14:47:20 - - stream.reassembly "memcap": 67108864
1/4/2014 -- 14:47:20 - - stream.reassembly "depth": 1048576
1/4/2014 -- 14:47:20 - - stream.reassembly "toserver-chunk-size": 2479
1/4/2014 -- 14:47:20 - - stream.reassembly "toclient-chunk-size": 2656
1/4/2014 -- 14:47:20 - - stream.reassembly.raw: enabled
1/4/2014 -- 14:47:20 - - segment pool: pktsize 4, prealloc 256
1/4/2014 -- 14:47:20 - - segment pool: pktsize 16, prealloc 512
1/4/2014 -- 14:47:20 - - segment pool: pktsize 112, prealloc 512
1/4/2014 -- 14:47:20 - - segment pool: pktsize 248, prealloc 512
1/4/2014 -- 14:47:20 - - segment pool: pktsize 512, prealloc 512
1/4/2014 -- 14:47:20 - - segment pool: pktsize 768, prealloc 1024
1/4/2014 -- 14:47:20 - - segment pool: pktsize 1448, prealloc 1024
1/4/2014 -- 14:47:20 - - segment pool: pktsize 65535, prealloc 128
1/4/2014 -- 14:47:20 - - stream.reassembly "chunk-prealloc": 250
1/4/2014 -- 14:47:20 - - fast output device (regular) initialized: fast.log
1/4/2014 -- 14:47:20 - - Unified2-alert initialized: filename unified2.alert, limit 32 MB
1/4/2014 -- 14:47:20 - - http-log output device (regular) initialized: http.log
1/4/2014 -- 14:47:20 - - Syslog output initialized
1/4/2014 -- 14:47:20 - - reading pcap file /home/jjones/d8ee9cd4d89657117b199b99120a59e0.pcap
1/4/2014 -- 14:47:20 - - pcap file end of file reached (pcap err code 0)
1/4/2014 -- 14:47:21 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
1/4/2014 -- 14:47:21 - - Pcap-file module read 962 packets, 726387 bytes
1/4/2014 -- 14:47:21 - - AutoFP - Total flow handler queues - 12
1/4/2014 -- 14:47:21 - - AutoFP - Queue 0 - pkts: 19 flows: 2
1/4/2014 -- 14:47:21 - - AutoFP - Queue 1 - pkts: 163 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 2 - pkts: 16 flows: 2
1/4/2014 -- 14:47:21 - - AutoFP - Queue 3 - pkts: 121 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 4 - pkts: 152 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 5 - pkts: 152 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 6 - pkts: 31 flows: 4
1/4/2014 -- 14:47:21 - - AutoFP - Queue 7 - pkts: 10 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 8 - pkts: 147 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 9 - pkts: 151 flows: 1
1/4/2014 -- 14:47:21 - - AutoFP - Queue 10 - pkts: 0 flows: 0
1/4/2014 -- 14:47:21 - - AutoFP - Queue 11 - pkts: 0 flows: 0
1/4/2014 -- 14:47:21 - - Stream TCP processed 5 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 163 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 16 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 121 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 152 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 152 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 31 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 10 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 147 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 151 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 0 TCP packets
1/4/2014 -- 14:47:21 - - Stream TCP processed 0 TCP packets