--------------------------------------------------
o")~   Snort++ 3.1.69.0
--------------------------------------------------
Loading lua/snort.lua:
Loading snort_defaults.lua:
Finished snort_defaults.lua:
    active
    alerts
    daq
    decode
    host_cache
    host_tracker
    hosts
    network
    process
    search_engine
    so_proxy
    binder
    stream
    stream_ip
    stream_icmp
    stream_tcp
    stream_udp
    stream_user
    arp_spoof
    back_orifice
    dns
    netflow
    normalizer
    rpc_decode
    ssh
    dnp3
    dce_smb
    dce_udp
    port_scan
    smtp
    ftp_server
    ftp_client
    ftp_data
    http_inspect
    http2_inspect
    ips
    file_id
    js_norm
    wizard
    appid
    file_policy
    gtp_inspect
    dce_http_server
    dce_http_proxy
    dce_tcp
    s7commplus
    modbus
    mms
    iec104
    cip
    telnet
    ssl
    sip
    pop
    imap
    stream_file
    references
    classifications
    packets
    trace
    output
Finished lua/snort.lua:
Loading file_id.rules_file:
Loading file_magic.rules:
Finished file_magic.rules:
Finished file_id.rules_file:
--------------------------------------------------
ips policies rule stats
    id  loaded  shared  enabled  file
     0     208       0      208  lua/snort.lua
--------------------------------------------------
rule counts
    total rules loaded: 208
    text rules: 208
    option chains: 208
    chain headers: 1
--------------------------------------------------
service rule counts    to-srv  to-cli
    file_id:              208     208
    total:                208     208
--------------------------------------------------
fast pattern groups
    to_server: 1
    to_client: 1
--------------------------------------------------
search engine (ac_bnfa)
    instances: 2
    patterns: 416
    pattern chars: 2508
    num states: 1778
    num match states: 370
    memory scale: KB
    total memory: 68.5879
    pattern memory: 18.6973
    match list memory: 27.3281
    transition memory: 22.3125
appid: MaxRss diff: 3024
appid: patterns loaded: 300
--------------------------------------------------
pcap DAQ configured to read-file.
Commencing packet processing
++ [0] /home/iom/snort3-git/test_trace/align_f1_r1.pcap
Preparing for batch 0
Preparing for batch 1
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 2
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 3
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 4
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 5
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: virtual void HttpInspect::eval(snort::Packet*, HttpCommon::SourceId, const uint8_t*, uint16_t)
Reaching end of stage 3 at function: static void snort::DetectionEngine::finish_inspect(snort::Packet*, bool)
Reaching end of stage 4 at function: virtual void HttpInspect::eval(snort::Packet*, HttpCommon::SourceId, const uint8_t*, uint16_t)
Reaching end of stage 5 at function: virtual void HttpMsgHeadShared::analyze()
Reaching end of stage 6 at function: static void snort::DetectionEngine::finish_inspect(snort::Packet*, bool)
Reaching end of stage 7 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 8 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 6
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 7
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual void HttpInspect::eval(snort::Packet*, HttpCommon::SourceId, const uint8_t*, uint16_t)
Reaching end of stage 2 at function: static void snort::DetectionEngine::finish_inspect(snort::Packet*, bool)
Reaching end of stage 3 at function: virtual void HttpInspect::eval(snort::Packet*, HttpCommon::SourceId, const uint8_t*, uint16_t)
Reaching end of stage 4 at function: virtual void HttpMsgHeadShared::analyze()
Reaching end of stage 5 at function: static void snort::DetectionEngine::finish_inspect(snort::Packet*, bool)
Reaching end of stage 6 at function: virtual void HttpInspect::eval(snort::Packet*, HttpCommon::SourceId, const uint8_t*, uint16_t)
Reaching end of stage 7 at function: static void snort::DetectionEngine::finish_inspect(snort::Packet*, bool)
Reaching end of stage 8 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 9 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 10 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 8
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 9
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 10
Reaching end of stage 0 at function: static void snort::InspectorManager::internal_execute(snort::Packet*) [with bool T = false]
Reaching end of stage 1 at function: virtual bool TcpStateMachine::eval(TcpSegmentDescriptor&)
Reaching end of stage 2 at function: static void AppIdDiscovery::do_application_discovery(snort::Packet*, AppIdInspector&, OdpContext&, ThirdPartyAppIdContext*)
Reaching end of stage 3 at function: DAQ_RecvStatus Analyzer::process_messages()
Preparing for batch 11
Packet processing done.
Elapsed cycles: 827378
Time recorded by profiler: 215146994
-- [0] /home/iom/snort3-git/test_trace/align_f1_r1.pcap
--------------------------------------------------
Packet Statistics
--------------------------------------------------
daq
    pcaps: 1
    received: 10
    analyzed: 10
    allow: 10
    rx_bytes: 1578
--------------------------------------------------
codec
    total: 10 (100.000%)
    eth: 10 (100.000%)
    ipv4: 10 (100.000%)
    tcp: 10 (100.000%)
--------------------------------------------------
Module Statistics
--------------------------------------------------
appid
    packets: 10
    processed_packets: 10
    total_sessions: 1
    service_cache_adds: 1
    bytes_in_use: 152
    items_in_use: 1
--------------------------------------------------
binder
    new_flows: 1
    service_changes: 1
    inspects: 1
--------------------------------------------------
detection
    analyzed: 10
    file_searches: 1
--------------------------------------------------
file_id
    total_files: 1
    total_file_data: 615
    max_concurrent_files: 1
--------------------------------------------------
http_inspect
    flows: 1
    scans: 5
    reassembles: 5
    inspections: 5
    requests: 1
    responses: 1
    get_requests: 1
    max_concurrent_sessions: 1
    total_bytes: 890
--------------------------------------------------
port_scan
    packets: 10
    trackers: 2
--------------------------------------------------
search_engine
    searched_bytes: 615
--------------------------------------------------
stream
    flows: 1
--------------------------------------------------
stream_tcp
    sessions: 1
    max: 1
    created: 1
    released: 1
    instantiated: 1
    setups: 1
    restarts: 1
    syn_trackers: 1
    segs_queued: 3
    segs_released: 3
    segs_used: 3
    rebuilt_packets: 5
    rebuilt_bytes: 902
    syns: 1
    syn_acks: 1
    fins: 2
    max_segs: 2
    max_bytes: 853
--------------------------------------------------
wizard
    tcp_scans: 1
    tcp_hits: 1
--------------------------------------------------
Appid Statistics
--------------------------------------------------
detected apps and services
    Application:  Services  Clients  Users  Payloads  Misc  Referred
    unknown:             1        0      0         1     0         0
--------------------------------------------------
Summary Statistics
--------------------------------------------------
timing
    runtime: 00:00:00
    seconds: 0.217920
o")~   Snort exiting