30/3/2016 -- 19:47:45 - - This is Suricata version 3.0 RELEASE
30/3/2016 -- 19:47:45 - - CPUs/cores online: 8
30/3/2016 -- 19:47:45 - - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 4053 after randomization.
30/3/2016 -- 19:47:45 - - 'default' server has 'response-body-minimal-inspect-size' set to 42119 and 'response-body-inspect-window' set to 16872 after randomization.
30/3/2016 -- 19:47:45 - - DNS request flood protection level: 500
30/3/2016 -- 19:47:45 - - DNS per flow memcap (state-memcap): 524288
30/3/2016 -- 19:47:45 - - DNS global memcap: 16777216
30/3/2016 -- 19:47:45 - - Protocol detection and parser disabled for modbus protocol.
30/3/2016 -- 19:47:45 - - allocated 786432 bytes of memory for the defrag hash... 65536 buckets of size 12
30/3/2016 -- 19:47:45 - - preallocated 65535 defrag trackers of size 96
30/3/2016 -- 19:47:45 - - defrag memory usage: 7077792 bytes, maximum: 33554432
30/3/2016 -- 19:47:45 - - AutoFP mode using default "Active Packets" flow load balancer
30/3/2016 -- 19:47:45 - - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
30/3/2016 -- 19:47:45 - - preallocated 1000 hosts of size 64
30/3/2016 -- 19:47:45 - - host memory usage: 326144 bytes, maximum: 16777216
30/3/2016 -- 19:47:45 - - allocated 4194304 bytes of memory for the flow hash... 65536 buckets of size 64
30/3/2016 -- 19:47:45 - - preallocated 10000 flows of size 188
30/3/2016 -- 19:47:45 - - flow memory usage: 6074304 bytes, maximum: 67108864
30/3/2016 -- 19:47:45 - - stream "prealloc-sessions": 2048 (per thread)
30/3/2016 -- 19:47:45 - - stream "memcap": 33554432
30/3/2016 -- 19:47:45 - - stream "midstream" session pickups: disabled
30/3/2016 -- 19:47:45 - - stream "async-oneside": disabled
30/3/2016 -- 19:47:45 - - stream "checksum-validation": enabled
30/3/2016 -- 19:47:45 - - stream."inline": disabled
30/3/2016 -- 19:47:45 - - stream "max-synack-queued": 5
30/3/2016 -- 19:47:45 - - stream.reassembly "memcap": 134217728
30/3/2016 -- 19:47:45 - - stream.reassembly "depth": 1048576
30/3/2016 -- 19:47:45 - - stream.reassembly "toserver-chunk-size": 2469
30/3/2016 -- 19:47:45 - - stream.reassembly "toclient-chunk-size": 2649
30/3/2016 -- 19:47:45 - - stream.reassembly.raw: enabled
30/3/2016 -- 19:47:45 - - segment pool: pktsize 4, prealloc 256
30/3/2016 -- 19:47:45 - - segment pool: pktsize 16, prealloc 512
30/3/2016 -- 19:47:45 - - segment pool: pktsize 112, prealloc 512
30/3/2016 -- 19:47:45 - - segment pool: pktsize 248, prealloc 512
30/3/2016 -- 19:47:45 - - segment pool: pktsize 512, prealloc 512
30/3/2016 -- 19:47:45 - - segment pool: pktsize 768, prealloc 1024
30/3/2016 -- 19:47:45 - - segment pool: pktsize 1448, prealloc 1024
30/3/2016 -- 19:47:45 - - segment pool: pktsize 65535, prealloc 128
30/3/2016 -- 19:47:45 - - stream.reassembly "chunk-prealloc": 250
30/3/2016 -- 19:47:45 - - stream.reassembly "zero-copy-size": 128
30/3/2016 -- 19:47:45 - - allocated 262144 bytes of memory for the ippair hash... 4096 buckets of size 64
30/3/2016 -- 19:47:45 - - preallocated 1000 ippairs of size 72
30/3/2016 -- 19:47:45 - - ippair memory usage: 334144 bytes, maximum: 16777216
30/3/2016 -- 19:47:45 - - using magic-file C:\Program Files (x86)\Suricata\magic.mgc
30/3/2016 -- 19:47:45 - - Delayed detect disabled
30/3/2016 -- 19:47:45 - - IP reputation disabled
****** RULE FILES LOADING ******
30/3/2016 -- 19:47:52 - - 49 rule files processed. 17819 rules successfully loaded, 0 rules failed
30/3/2016 -- 19:47:53 - - 17827 signatures processed. 1013 are IP-only rules, 6820 are inspecting packet payload, 13243 inspect application layer, 99 are decoder event only
30/3/2016 -- 19:47:53 - - building signature grouping structure, stage 1: preprocessing rules... complete
30/3/2016 -- 19:47:53 - - building signature grouping structure, stage 2: building source address list... complete
30/3/2016 -- 19:47:55 - - building signature grouping structure, stage 3: building destination address lists... complete
30/3/2016 -- 19:47:57 - - Threshold config parsed: 0 rule(s) found
30/3/2016 -- 19:47:57 - - Core dump size is unlimited.
30/3/2016 -- 19:47:57 - - fast output device (regular) initialized: fast.log
30/3/2016 -- 19:47:57 - - [ERRCODE: SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in. Reconfigure/recompile with libjansson and its development files installed to add eve-log support.
30/3/2016 -- 19:47:57 - - http-log output device (regular) initialized: http.log
30/3/2016 -- 19:47:57 - - stats output device (regular) initialized: stats.log
30/3/2016 -- 19:47:57 - - preallocated 1024 packets. Total memory 2861056
30/3/2016 -- 19:47:57 - - reading pcap file C:\Users\Administrator\Downloads\maccdc2012_00013.pcap
30/3/2016 -- 19:47:57 - - using 1 flow manager threads
30/3/2016 -- 19:47:57 - - preallocated 1024 packets. Total memory 2861056
30/3/2016 -- 19:47:57 - - using 1 flow recycler threads
30/3/2016 -- 19:47:57 - - all 1 packet processing threads, 4 management threads initialized, engine started.
30/3/2016 -- 19:47:57 - - No packets with invalid checksum, assuming checksum offloading is NOT used
30/3/2016 -- 19:49:34 - - pcap file end of file reached (pcap err code 0)
30/3/2016 -- 19:49:34 - - Signal Received. Stopping engine.
30/3/2016 -- 19:52:28 - - 0 new flows, 0 established flows were timed out, 0 flows in closed state
30/3/2016 -- 19:52:28 - - preallocated 1024 packets. Total memory 2861056
30/3/2016 -- 19:52:28 - - time elapsed 271.217s
30/3/2016 -- 19:52:28 - - 1002314 flows processed
30/3/2016 -- 19:52:47 - - Pcap-file module read 3190917 packets, 1022686575 bytes
30/3/2016 -- 19:52:47 - - Stream TCP processed 3056562 TCP packets
30/3/2016 -- 19:52:47 - - Fast log output wrote 1194 alerts
30/3/2016 -- 19:52:47 - - HTTP logger logged 2897 requests
30/3/2016 -- 19:53:05 - - ippair memory usage: 334144 bytes, maximum: 16777216
30/3/2016 -- 20:05:02 - - host memory usage: 326144 bytes, maximum: 16777216
30/3/2016 -- 20:05:02 - - cleaning up signature grouping structure... complete