Feature #7566 » packets_stats.log

Artem Ka, 04/02/2025 12:03 PM

 


Packet profile dump:

IP ver Proto cnt min max avg tot %%
------ ----- ---------- ------------ ------------ ----------- ----------- ---
IPv4 6 255 1 1089 14 3.6k 74.88
IPv4 17 24 1 920 49 1.2k 25.01
IPv6 17 2 2 3 2 5 0.10
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module IP ver Proto cnt min max avg tot %% locks ticks cont. cont.avg slocks sticks scont. scont.avg
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- --- -------- -------- ---------- ----------- -------- -------- ------------ -----------
TMM_FLOWWORKER IPv4 6 255 1 1089 13 3.5k 74.21 3.29 0 0 0.00 0.00 0 0 0.00
TMM_FLOWWORKER IPv4 17 24 1 917 49 1.2k 25.01 3.83 0 0 0.00 0.00 0 0 0.00
TMM_RECEIVEPCAPFILE IPv4 6 255 0 1 0 5 0.11 0.00 0 0 0.00 0.00 0 0 0.00
TMM_RECEIVEPCAPFILE IPv4 17 24 0 1 0 3 0.06 0.00 0 0 0.00 0.00 0 0 0.00
TMM_DECODEPCAPFILE IPv4 6 255 0 1 0 20 0.42 0.00 0 0 0.00 0.00 0 0 0.00
TMM_DECODEPCAPFILE IPv4 17 24 0 2 0 5 0.11 0.00 0 0 0.00 0.00 0 0 0.00
TMM_FLOWWORKER IPv6 17 2 1 2 1 3 0.06
TMM_RECEIVEPCAPFILE IPv6 17 2 0 0 0 0 0.00
TMM_DECODEPCAPFILE IPv6 17 2 0 1 0 1 0.02

Flow Worker IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
flow IPv4 6 255 0 8 0 64 6.36
flow IPv4 17 24 0 3 0 8 0.79
stream IPv4 6 255 0 115 1 344 34.16
app-layer IPv4 17 24 1 43 3 79 7.85
detect IPv4 6 255 1 97 1 423 42.01
detect IPv4 17 24 1 13 1 40 3.97
tcp-prune IPv4 6 251 0 2 0 27 2.68
flow-inject IPv4 6 255 0 1 0 11 1.09
flow-inject IPv4 17 24 0 1 0 2 0.20
flow-evict IPv4 6 255 0 1 0 4 0.40
flow-evict IPv4 17 24 0 1 0 2 0.20
flow IPv6 17 2 0 0 0 0 0.00
app-layer IPv6 17 2 0 1 0 1 0.10
detect IPv6 17 2 1 1 1 2 0.20
flow-inject IPv6 17 2 0 0 0 0 0.00
flow-evict IPv6 17 2 0 0 0 0 0.00
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer IP ver Proto cnt min max avg
-------------------- ------ ----- ---------- ------------ ------------ -----------
tls IPv4 6 4 1 15 5 20 18.02
dcerpc IPv4 6 37 1 11 1 56 50.45
dns IPv4 17 4 1 6 2 10 9.01
dhcp IPv4 17 12 1 12 2 25 22.52
Proto detect IPv4 6 15 1 4 1 21
Proto detect IPv4 17 6 1 29 6 41

Log Thread Module IP ver Proto cnt min max avg tot %% locks ticks cont. cont.avg slocks sticks scont. scont.avg
------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- --- -------- -------- ---------- ----------- -------- -------- ------------ -----------

Logger/output stats:

Logger IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
LOGGER_TLS IPv4 6 1 20 20 20 20 0.56
LOGGER_JSON_TX IPv4 6 30 2 920 46 1.4k 39.16
LOGGER_JSON_TX IPv4 17 19 3 846 54 1.0k 28.82
LOGGER_ALERT_DEBUG IPv4 6 2 13 31 22 44 1.24
LOGGER_ALERT_FAST IPv4 6 2 5 11 8 16 0.45
LOGGER_JSON_ALERT IPv4 6 2 24 922 473 946 26.57
LOGGER_PCAP IPv4 6 2 1 113 57 114 3.20

General detection engine stats:

Detection phase IP ver Proto cnt min max avg tot
------------------------ ------ ----- ---------- ------------ ------------ ----------- -----------
PROF_DETECT_SETUP IPv4 6 7 1 1 1 7 1.81
PROF_DETECT_SETUP IPv4 17 2 1 1 1 2 0.52
PROF_DETECT_GETSGH IPv4 6 6 1 1 1 6 1.55
PROF_DETECT_GETSGH IPv4 17 1 1 1 1 1 0.26
PROF_DETECT_IPONLY IPv4 6 2 1 1 1 2 0.52
PROF_DETECT_IPONLY IPv4 17 2 1 2 1 3 0.78
PROF_DETECT_RULES IPv4 6 12 1 1 1 12 3.11
PROF_DETECT_RULES IPv4 17 1 1 1 1 1 0.26
PROF_DETECT_TX IPv4 6 25 1 96 5 146 37.82
PROF_DETECT_TX IPv4 17 4 1 2 1 5 1.30
PROF_DETECT_PF_PAYLOAD IPv4 6 42 1 81 3 147 38.08
PROF_DETECT_PF_PAYLOAD IPv4 17 9 1 3 1 11 2.85
PROF_DETECT_PF_TX IPv4 6 2 1 1 1 2 0.52
PROF_DETECT_PF_SORT2 IPv4 6 4 1 2 1 5 1.30
PROF_DETECT_NONMPMLIST IPv4 6 4 1 1 1 4 1.04
PROF_DETECT_NONMPMLIST IPv4 17 2 1 1 1 2 0.52
PROF_DETECT_ALERT IPv4 6 19 1 1 1 19 4.92
PROF_DETECT_ALERT IPv4 17 2 1 1 1 2 0.52
PROF_DETECT_TX_UPDATE IPv4 6 3 1 1 1 3 0.78
PROF_DETECT_TX_UPDATE IPv4 17 1 1 1 1 1 0.26
PROF_DETECT_CLEANUP IPv4 6 5 1 1 1 5 1.30