exercise1.pcap

MD5: a31f8c43c6920be561c2be0725ff37ce
Submission Date: 2020-06-29 13:56:43
Tags: (not set)
Alert (6 records)

# | Timestamp | Src IP | Dest IP | Alert Signature
1 | 2008-06-13T04:24:38.290693-0700 | 10.0.0.130 | 85.255.120.194 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2 | 2008-06-13T04:24:39.193384-0700 | 85.255.120.194 | 10.0.0.130 | ET CURRENT_EVENTS TDS Sutra - redirect received
3 | 2008-06-13T04:24:41.899145-0700 | 66.232.114.139 | 10.0.0.130 | ET POLICY PE EXE or DLL Windows file download HTTP
4 | 2008-06-13T04:24:49.029596-0700 | 10.0.0.130 | 208.72.169.133 | ET TROJAN Pushdo Update URL Detected
5 | 2008-06-13T04:24:49.029596-0700 | 72.36.162.50 | 10.0.0.130 | ET POLICY PE EXE or DLL Windows file download HTTP
6 | 2008-06-13T04:24:49.029596-0700 | 72.36.162.50 | 10.0.0.130 | ET INFO SUSPICIOUS Dotted Quad Host MZ Response
DNS (22 records, first 20 shown)

# | Timestamp | Src IP | Dest IP | DNS Type | Resource Record Name | RR Type | Resource Data
1 | 2008-06-13T04:24:34.340496-0700 | 10.0.0.130 | 10.0.0.2 | query | www.cert.pl | A | (not set)
2 | 2008-06-13T04:24:34.348166-0700 | 10.0.0.2 | 10.0.0.130 | answer | www.cert.pl | A | (not set)
3 | 2008-06-13T04:24:34.458735-0700 | 10.0.0.130 | 10.0.0.2 | query | urs.microsoft.com | A | (not set)
4 | 2008-06-13T04:24:34.502020-0700 | 10.0.0.2 | 10.0.0.130 | answer | urs.microsoft.com | A | (not set)
5 | 2008-06-13T04:24:35.460116-0700 | 10.0.0.130 | 10.0.0.2 | query | www.homebank.pl | A | (not set)
6 | 2008-06-13T04:24:36.452140-0700 | 10.0.0.130 | 10.0.0.2 | query | www.homebank.pl | A | (not set)
7 | 2008-06-13T04:24:36.609961-0700 | 10.0.0.2 | 10.0.0.130 | answer | www.homebank.pl | A | (not set)
8 | 2008-06-13T04:24:37.484486-0700 | 10.0.0.130 | 10.0.0.2 | query | 1sense.info | A | (not set)
9 | 2008-06-13T04:24:37.485511-0700 | 10.0.0.130 | 10.0.0.2 | query | stat.webmedia.pl | A | (not set)
10 | 2008-06-13T04:24:37.501473-0700 | 10.0.0.2 | 10.0.0.130 | answer | stat.webmedia.pl | A | (not set)
11 | 2008-06-13T04:24:37.524282-0700 | 10.0.0.130 | 10.0.0.2 | query | winhex.org | A | (not set)
12 | 2008-06-13T04:24:37.764039-0700 | 10.0.0.2 | 10.0.0.130 | answer | winhex.org | A | (not set)
13 | 2008-06-13T04:24:38.123500-0700 | 10.0.0.2 | 10.0.0.130 | answer | 1sense.info | A | (not set)
14 | 2008-06-13T04:24:38.215244-0700 | 10.0.0.130 | 10.0.0.2 | query | jezl0.com | A | (not set)
15 | 2008-06-13T04:24:38.217545-0700 | 10.0.0.2 | 10.0.0.130 | answer | jezl0.com | A | (not set)
16 | 2008-06-13T04:24:38.556489-0700 | 10.0.0.130 | 10.0.0.2 | query | www.nask.pl | A | (not set)
17 | 2008-06-13T04:24:38.564899-0700 | 10.0.0.2 | 10.0.0.130 | answer | www.nask.pl | A | (not set)
18 | 2008-06-13T04:24:41.319109-0700 | 10.0.0.2 | 10.0.0.130 | answer | www.homebank.pl | A | (not set)
19 | 2008-06-13T04:24:45.863224-0700 | 10.0.0.130 | 10.0.0.2 | query | www.koszty.pl | A | (not set)
20 | 2008-06-13T04:24:45.867159-0700 | 10.0.0.2 | 10.0.0.130 | answer | www.koszty.pl | A | (not set)
TLS (2 records, listed in page order, not chronologically)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2008-06-13T04:24:38.926621-0700 | 10.0.0.130 | 213.199.161.251 | TLSv1 | (not set)
2 | 2008-06-13T04:24:34.702179-0700 | 10.0.0.130 | 213.199.161.251 | TLSv1 | (not set)
TFTP (0 records)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (79 records, first 20 shown)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2008-06-13T04:24:36.663852-0700 | 10.0.0.130 | www.homebank.pl | 80 | GET | / | 200
2 | 2008-06-13T04:24:37.558867-0700 | 10.0.0.130 | www.homebank.pl | 80 | GET | /domeny_style.css | 200
3 | 2008-06-13T04:24:34.512233-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /style.css | 200
4 | 2008-06-13T04:24:34.521566-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | / | 200
5 | 2008-06-13T04:24:34.528806-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/top_02-1.gif | 200
6 | 2008-06-13T04:24:34.551418-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/top_04-1.gif | 200
7 | 2008-06-13T04:24:34.555825-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/1.gif | 200
8 | 2008-06-13T04:24:34.567398-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/2.gif | 200
9 | 2008-06-13T04:24:34.570632-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/3.gif | 200
10 | 2008-06-13T04:24:34.585675-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_top/top_08.jpg | 200
11 | 2008-06-13T04:24:38.290693-0700 | 10.0.0.130 | winhex.org | 80 | GET | /tds/in.cgi?3 | 302
12 | 2008-06-13T04:24:37.825923-0700 | 10.0.0.130 | stat.webmedia.pl | 80 | GET | /cgi-bin/stat?homebank&stat4u | 200
13 | 2008-06-13T04:24:38.716516-0700 | 10.0.0.130 | www.nask.pl | 80 | GET | / | 200
14 | 2008-06-13T04:24:38.819531-0700 | 10.0.0.130 | jezl0.com | 80 | GET | /cgi-bin/index.cgi?t3 | 200
15 | 2008-06-13T04:24:38.757482-0700 | 10.0.0.130 | www.nask.pl | 80 | GET | /images/spacer.gif | 200
16 | 2008-06-13T04:24:38.837681-0700 | 10.0.0.130 | www.nask.pl | 80 | GET | /images/header/menu_contact.gif | 200
17 | 2008-06-13T04:24:38.864339-0700 | 10.0.0.130 | www.nask.pl | 80 | GET | /images/header/spx.gif | 200
18 | 2008-06-13T04:24:38.881032-0700 | 10.0.0.130 | www.nask.pl | 80 | GET | /images/header/under_flash_line.gif | 200
19 | 2008-06-13T04:24:34.593895-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_top/top_09.jpg | 200
20 | 2008-06-13T04:24:34.617360-0700 | 10.0.0.130 | www.cert.pl | 80 | GET | /gfx_topa5/zglaszanie.gif | 200
SMB (0 records)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0 records)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (17 records; all flows carry the capture's final timestamp)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2008-06-13T04:24:49.029596-0700 | 859196814943450 | flow | 10.0.0.130 | 1150 | 195.187.7.66 | 80 | TCP | pcapanalyzer
2 | 2008-06-13T04:24:49.029596-0700 | 724624752436907 | flow | 10.0.0.130 | 1151 | 211.95.72.85 | 80 | TCP | pcapanalyzer
3 | 2008-06-13T04:24:49.029596-0700 | 1714258232309060 | flow | 10.0.0.130 | 137 | 172.16.241.255 | 137 | UDP | pcapanalyzer
4 | 2008-06-13T04:24:49.029596-0700 | 316375226032843 | flow | 10.0.0.130 | 1153 | 193.59.201.62 | 80 | TCP | pcapanalyzer
5 | 2008-06-13T04:24:49.029596-0700 | 2146748553367833 | flow | 10.0.0.130 | 1151 | 195.187.7.66 | 80 | TCP | pcapanalyzer
6 | 2008-06-13T04:24:49.029596-0700 | 2148848792384016 | flow | 10.0.0.130 | 1025 | 10.0.0.2 | 53 | UDP | pcapanalyzer
7 | 2008-06-13T04:24:49.029596-0700 | 2025535986596149 | flow | 10.0.0.130 | 1149 | 212.160.67.149 | 80 | TCP | pcapanalyzer
8 | 2008-06-13T04:24:49.029596-0700 | 505199167974684 | flow | 10.0.0.130 | 1152 | 213.199.161.251 | 443 | TCP | pcapanalyzer
9 | 2008-06-13T04:24:49.029596-0700 | 1655522406587879 | flow | 10.0.0.130 | 1154 | 213.199.161.251 | 443 | TCP | pcapanalyzer
10 | 2008-06-13T04:24:49.029596-0700 | 954914456361190 | flow | 10.0.0.130 | 1152 | 66.232.114.139 | 80 | TCP | pcapanalyzer
11 | 2008-06-13T04:24:49.029596-0700 | 2082948962161947 | flow | 10.0.0.130 | 1154 | 208.72.169.133 | 80 | TCP | pcapanalyzer
12 | 2008-06-13T04:24:49.029596-0700 | 1526314757812374 | flow | 10.0.0.130 | 1148 | 212.85.111.79 | 80 | TCP | pcapanalyzer
13 | 2008-06-13T04:24:49.029596-0700 | 1246343019736252 | flow | 10.0.0.130 | 1150 | 85.255.120.194 | 80 | TCP | pcapanalyzer
14 | 2008-06-13T04:24:49.029596-0700 | 1815786963691655 | flow | 10.0.0.130 | 1046 | 10.0.0.2 | 53 | UDP | pcapanalyzer
15 | 2008-06-13T04:24:49.029596-0700 | 1957018373396633 | flow | 10.0.0.130 | 1153 | 72.36.162.50 | 80 | TCP | pcapanalyzer
16 | 2008-06-13T04:24:49.029596-0700 | 836102775833940 | flow | 10.0.0.130 | 1030 | 10.0.0.2 | 53 | UDP | pcapanalyzer
17 | 2008-06-13T04:24:49.029596-0700 | 1685284382473573 | flow | 10.0.0.130 | 1155 | 193.59.201.62 | 80 | TCP | pcapanalyzer
File (78 records, first 20 shown)

# | Timestamp | Source | Destination | File Name | File Magic | File Size (bytes)
1 | 2008-06-13T04:24:36.663852-0700 | 212.85.111.79 | 10.0.0.130 | / | HTML document, Non-ISO extended-ASCII text, with very long lines, with CRLF, LF line terminators | 1971
2 | 2008-06-13T04:24:37.558867-0700 | 212.85.111.79 | 10.0.0.130 | /domeny_style.css | ASCII text | 392
3 | 2008-06-13T04:24:34.512233-0700 | 195.187.7.66 | 10.0.0.130 | /style.css | ASCII text | 4951
4 | 2008-06-13T04:24:34.521566-0700 | 195.187.7.66 | 10.0.0.130 | / | HTML document, ISO-8859 text, with very long lines, with CRLF, LF line terminators | 22348
5 | 2008-06-13T04:24:34.528806-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/top_02-1.gif | GIF image data, version 89a, 762 x 6149 | (fused)
6 | 2008-06-13T04:24:34.551418-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/top_04-1.gif | GIF image data, version 89a, 102 x 55773 | (fused)
7 | 2008-06-13T04:24:34.555825-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/1.gif | GIF image data, version 87a, 95 x 22881 | (fused)
8 | 2008-06-13T04:24:34.567398-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/2.gif | GIF image data, version 87a, 15 x 2261 | (fused)
9 | 2008-06-13T04:24:34.570632-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/3.gif | GIF image data, version 87a, 45 x 22322 | (fused)
10 | 2008-06-13T04:24:38.290693-0700 | 85.255.120.194 | 10.0.0.130 | /tds/in.cgi | HTML document, ASCII text | 202
11 | 2008-06-13T04:24:38.716516-0700 | 193.59.201.62 | 10.0.0.130 | / | HTML document, ISO-8859 text, with very long lines, with CRLF line terminators | 20318
12 | 2008-06-13T04:24:37.825923-0700 | 212.160.67.149 | 10.0.0.130 | /cgi-bin/stat | GIF image data, version 87a, 96 x 40988 | (fused)
13 | 2008-06-13T04:24:38.819531-0700 | 66.232.114.139 | 10.0.0.130 | /cgi-bin/index.cgi | HTML document, ASCII text, with very long lines | 11339
14 | 2008-06-13T04:24:38.757482-0700 | 193.59.201.62 | 10.0.0.130 | /images/spacer.gif | GIF image data, version 89a, 7 x 1048 | (fused)
15 | 2008-06-13T04:24:38.837681-0700 | 193.59.201.62 | 10.0.0.130 | /images/header/menu_contact.gif | GIF image data, version 89a, 69 x 12790 | (fused)
16 | 2008-06-13T04:24:38.864339-0700 | 193.59.201.62 | 10.0.0.130 | /images/header/spx.gif | GIF image data, version 89a, 21 x 1266 | (fused)
17 | 2008-06-13T04:24:38.881032-0700 | 193.59.201.62 | 10.0.0.130 | /images/header/under_flash_line.gif | GIF image data, version 89a, 371 x 13174 | (fused)
18 | 2008-06-13T04:24:34.585675-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_top/top_08.jpg | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 762x1, frames 3 | 375
19 | 2008-06-13T04:24:34.593895-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_top/top_09.jpg | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 2x23, frames 3 | 321
20 | 2008-06-13T04:24:34.617360-0700 | 195.187.7.66 | 10.0.0.130 | /gfx_topa5/zglaszanie.gif | GIF image data, version 87a, 129 x 15690 | (fused)

(fused): in the exported GIF rows the image height and the byte count ran together (e.g. "762 x 6149" is width x height immediately followed by the size). The split is ambiguous, so those strings are left exactly as captured.
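The Alert, HTTP and File tables above describe one infection chain, but each is keyed differently: the alerts carry IPs only, the HTTP table carries the hostname, and the File table carries the IP that answered. The Python below is an added example (not part of the analyzer that produced this page) that joins the three tables on timestamp and URL path, builds the victim's timeline, and picks out the TDS hop: winhex.org (85.255.120.194) answering 302 to /tds/in.cgi, then jezl0.com (66.232.114.139) answering 200 about three seconds before the same IP is flagged serving a PE. The record tuples are transcribed from the tables on this page (only the rows the chain needs). The 302's Location header is not shown in any table, so the landing host is inferred from timing plus the PE alert's source IP; that inference is an assumption to confirm against the pcap itself.

```python
"""Correlate Alert, HTTP and File records of exercise1.pcap into a timeline
and extract the TDS redirect -> landing page -> PE download hops.
Records are transcribed from the page; the logic is an added example."""
from datetime import datetime

VICTIM = "10.0.0.130"  # the only internal client in the tables


def ts(s):
    # Export timestamps look like 2008-06-13T04:24:38.290693-0700
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%f%z")


# (timestamp, src, dst, signature): the six alerts, in page order
ALERTS = [
    ("2008-06-13T04:24:38.290693-0700", "10.0.0.130", "85.255.120.194", "ET CURRENT_EVENTS TDS Sutra - request in.cgi"),
    ("2008-06-13T04:24:39.193384-0700", "85.255.120.194", "10.0.0.130", "ET CURRENT_EVENTS TDS Sutra - redirect received"),
    ("2008-06-13T04:24:41.899145-0700", "66.232.114.139", "10.0.0.130", "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("2008-06-13T04:24:49.029596-0700", "10.0.0.130", "208.72.169.133", "ET TROJAN Pushdo Update URL Detected"),
    ("2008-06-13T04:24:49.029596-0700", "72.36.162.50", "10.0.0.130", "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("2008-06-13T04:24:49.029596-0700", "72.36.162.50", "10.0.0.130", "ET INFO SUSPICIOUS Dotted Quad Host MZ Response"),
]
# (timestamp, hostname, url, status): HTTP rows for the hosts in play
HTTP = [
    ("2008-06-13T04:24:36.663852-0700", "www.homebank.pl", "/", 200),
    ("2008-06-13T04:24:38.290693-0700", "winhex.org", "/tds/in.cgi?3", 302),
    ("2008-06-13T04:24:38.716516-0700", "www.nask.pl", "/", 200),
    ("2008-06-13T04:24:38.819531-0700", "jezl0.com", "/cgi-bin/index.cgi?t3", 200),
]
# (timestamp, server_ip, path, magic): File rows sharing those timestamps;
# this table is the only place the answering server IP appears
FILES = [
    ("2008-06-13T04:24:36.663852-0700", "212.85.111.79", "/", "HTML document"),
    ("2008-06-13T04:24:38.290693-0700", "85.255.120.194", "/tds/in.cgi", "HTML document, ASCII text"),
    ("2008-06-13T04:24:38.716516-0700", "193.59.201.62", "/", "HTML document"),
    ("2008-06-13T04:24:38.819531-0700", "66.232.114.139", "/cgi-bin/index.cgi", "HTML document, ASCII text"),
]


def host_to_ip(http=HTTP, files=FILES):
    """Join HTTP to File on (timestamp, URL path) to learn which server IP
    answered for each hostname.  The query string is dropped because the
    File table records the bare path."""
    by_key = {(t, path): ip for t, ip, path, _ in files}
    mapping = {}
    for t, host, url, _ in http:
        ip = by_key.get((t, url.split("?", 1)[0]))
        if ip is not None:
            mapping.setdefault(host, ip)
    return mapping


def timeline(alerts=ALERTS, http=HTTP, files=FILES):
    """Every alert and HTTP request touching VICTIM as
    (time, kind, peer_ip, detail), oldest first."""
    h2ip = host_to_ip(http, files)
    events = []
    for t, src, dst, sig in alerts:
        peer = dst if src == VICTIM else src
        events.append((ts(t), "alert", peer, sig))
    for t, host, url, status in http:
        events.append((ts(t), "http", h2ip.get(host, "?"), f"GET {host}{url} -> {status}"))
    events.sort(key=lambda e: e[0])  # stable: equal-time alerts stay before HTTP
    return events


def redirect_chain(alerts=ALERTS, http=HTTP, files=FILES):
    """Locate the TDS hop: a 3xx from a host whose IP the 'TDS Sutra - request'
    alert flagged, then a later 200 from a different host whose IP later
    sources a 'PE EXE or DLL' download alert.  The Location header is not in
    the tables, so the landing host is inferred, not read.  Returns a dict
    describing the hops, or None when the pattern is absent."""
    h2ip = host_to_ip(http, files)
    tds_ips = {dst for _, src, dst, sig in alerts
               if src == VICTIM and "TDS Sutra - request" in sig}
    pe_times = {}  # server ip -> first PE download alert time
    for t, src, dst, sig in alerts:
        if dst == VICTIM and "PE EXE or DLL" in sig:
            pe_times.setdefault(src, ts(t))
    redirects = sorted((ts(t), host) for t, host, _, st in http
                       if 300 <= st < 400 and h2ip.get(host) in tds_ips)
    if not redirects:
        return None
    t_redir, tds_host = redirects[0]
    candidates = sorted((ts(t), host) for t, host, _, st in http
                        if st == 200 and ts(t) > t_redir and host != tds_host)
    for t_land, host in candidates:
        ip = h2ip.get(host)
        if ip in pe_times and pe_times[ip] > t_land:
            return {"tds_host": tds_host, "tds_ip": h2ip[tds_host],
                    "landing_host": host, "landing_ip": ip,
                    "pe_after_landing_s": (pe_times[ip] - t_land).total_seconds()}
    return None


if __name__ == "__main__":
    for when, kind, peer, detail in timeline():
        print(f"{when.time()} {kind:5} {peer:15} {detail}")
    print(redirect_chain())
```

Run it directly to print the merged timeline and the inferred hops. Two caveats follow from what the page shows: www.nask.pl also answers 200 after the 302 and is only ruled out because no PE alert names its IP, and the second PE (72.36.162.50) plus the Pushdo update URL (208.72.169.133) cannot be joined here because their HTTP and File rows are among the 59 not listed on this page.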

Comments: (not set)
