Packet profile dump: IP ver Proto cnt min max avg tot %% ------ ----- ---------- ------------ ------------ ----------- ----------- --- IPv4 6 255 1 1089 14 3.6k 74.88 IPv4 17 24 1 920 49 1.2k 25.01 IPv6 17 2 2 3 2 5 0.10 Note: Protocol 256 tracks pseudo/tunnel packets. Per Thread module stats: Thread Module IP ver Proto cnt min max avg tot %% locks ticks cont. cont.avg slocks sticks scont. scont.avg ------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- --- -------- -------- ---------- ----------- -------- -------- ------------ ----------- TMM_FLOWWORKER IPv4 6 255 1 1089 13 3.5k 74.21 3.29 0 0 0.00 0.00 0 0 0.00 TMM_FLOWWORKER IPv4 17 24 1 917 49 1.2k 25.01 3.83 0 0 0.00 0.00 0 0 0.00 TMM_RECEIVEPCAPFILE IPv4 6 255 0 1 0 5 0.11 0.00 0 0 0.00 0.00 0 0 0.00 TMM_RECEIVEPCAPFILE IPv4 17 24 0 1 0 3 0.06 0.00 0 0 0.00 0.00 0 0 0.00 TMM_DECODEPCAPFILE IPv4 6 255 0 1 0 20 0.42 0.00 0 0 0.00 0.00 0 0 0.00 TMM_DECODEPCAPFILE IPv4 17 24 0 2 0 5 0.11 0.00 0 0 0.00 0.00 0 0 0.00 TMM_FLOWWORKER IPv6 17 2 1 2 1 3 0.06 TMM_RECEIVEPCAPFILE IPv6 17 2 0 0 0 0 0.00 TMM_DECODEPCAPFILE IPv6 17 2 0 1 0 1 0.02 Flow Worker IP ver Proto cnt min max avg -------------------- ------ ----- ---------- ------------ ------------ ----------- flow IPv4 6 255 0 8 0 64 6.36 flow IPv4 17 24 0 3 0 8 0.79 stream IPv4 6 255 0 115 1 344 34.16 app-layer IPv4 17 24 1 43 3 79 7.85 detect IPv4 6 255 1 97 1 423 42.01 detect IPv4 17 24 1 13 1 40 3.97 tcp-prune IPv4 6 251 0 2 0 27 2.68 flow-inject IPv4 6 255 0 1 0 11 1.09 flow-inject IPv4 17 24 0 1 0 2 0.20 flow-evict IPv4 6 255 0 1 0 4 0.40 flow-evict IPv4 17 24 0 1 0 2 0.20 flow IPv6 17 2 0 0 0 0 0.00 app-layer IPv6 17 2 0 1 0 1 0.10 detect IPv6 17 2 1 1 1 2 0.20 flow-inject IPv6 17 2 0 0 0 0 0.00 flow-evict IPv6 17 2 0 0 0 0 0.00 Note: stream includes app-layer for TCP Per App layer parser stats: App Layer IP ver Proto cnt min max avg -------------------- ------ ----- ---------- ------------ ------------ ----------- tls IPv4 6 4 1 15 5 20 18.02 dcerpc IPv4 6 37 1 11 1 56 50.45 dns IPv4 17 4 1 6 2 10 9.01 dhcp IPv4 17 12 1 12 2 25 22.52 Proto detect IPv4 6 15 1 4 1 21 Proto detect IPv4 17 6 1 29 6 41 Log Thread Module IP ver Proto cnt min max avg tot %% locks ticks cont. cont.avg slocks sticks scont. scont.avg ------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- --- -------- -------- ---------- ----------- -------- -------- ------------ ----------- Logger/output stats: Logger IP ver Proto cnt min max avg tot ------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- LOGGER_TLS IPv4 6 1 20 20 20 20 0.56 LOGGER_JSON_TX IPv4 6 30 2 920 46 1.4k 39.16 LOGGER_JSON_TX IPv4 17 19 3 846 54 1.0k 28.82 LOGGER_ALERT_DEBUG IPv4 6 2 13 31 22 44 1.24 LOGGER_ALERT_FAST IPv4 6 2 5 11 8 16 0.45 LOGGER_JSON_ALERT IPv4 6 2 24 922 473 946 26.57 LOGGER_PCAP IPv4 6 2 1 113 57 114 3.20 General detection engine stats: Detection phase IP ver Proto cnt min max avg tot ------------------------ ------ ----- ---------- ------------ ------------ ----------- ----------- PROF_DETECT_SETUP IPv4 6 7 1 1 1 7 1.81 PROF_DETECT_SETUP IPv4 17 2 1 1 1 2 0.52 PROF_DETECT_GETSGH IPv4 6 6 1 1 1 6 1.55 PROF_DETECT_GETSGH IPv4 17 1 1 1 1 1 0.26 PROF_DETECT_IPONLY IPv4 6 2 1 1 1 2 0.52 PROF_DETECT_IPONLY IPv4 17 2 1 2 1 3 0.78 PROF_DETECT_RULES IPv4 6 12 1 1 1 12 3.11 PROF_DETECT_RULES IPv4 17 1 1 1 1 1 0.26 PROF_DETECT_TX IPv4 6 25 1 96 5 146 37.82 PROF_DETECT_TX IPv4 17 4 1 2 1 5 1.30 PROF_DETECT_PF_PAYLOAD IPv4 6 42 1 81 3 147 38.08 PROF_DETECT_PF_PAYLOAD IPv4 17 9 1 3 1 11 2.85 PROF_DETECT_PF_TX IPv4 6 2 1 1 1 2 0.52 PROF_DETECT_PF_SORT2 IPv4 6 4 1 2 1 5 1.30 PROF_DETECT_NONMPMLIST IPv4 6 4 1 1 1 4 1.04 PROF_DETECT_NONMPMLIST IPv4 17 2 1 1 1 2 0.52 PROF_DETECT_ALERT IPv4 6 19 1 1 1 19 4.92 PROF_DETECT_ALERT IPv4 17 2 1 1 1 2 0.52 PROF_DETECT_TX_UPDATE IPv4 6 3 1 1 1 3 0.78 PROF_DETECT_TX_UPDATE IPv4 17 1 1 1 1 1 0.26 PROF_DETECT_CLEANUP IPv4 6 5 1 1 1 5 1.30