2020-08-21-traffic-analysis-exercise.pcap

MD5: 573060724f1c6b012e93bb67139f7350
Submission Date: 2020-09-16 05:55:46
Tags: (not set)
Alert: 36 items (showing 1-20)

# | Timestamp | Src Ip | Dest Ip | Alert Signature
1 | 2020-08-21T08:08:10.294606-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
2 | 2020-08-21T08:05:25.101549-0700 | 45.147.231.132 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
3 | 2020-08-21T08:13:10.020525-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
4 | 2020-08-21T08:07:03.702599-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
5 | 2020-08-21T08:08:08.622896-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
6 | 2020-08-21T08:28:15.448959-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
7 | 2020-08-21T08:38:19.073357-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
8 | 2020-08-21T08:23:13.396437-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
9 | 2020-08-21T08:33:17.429667-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
10 | 2020-08-21T09:13:31.276002-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
11 | 2020-08-21T08:43:20.810242-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
12 | 2020-08-21T09:18:33.039464-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
13 | 2020-08-21T08:48:22.437850-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
14 | 2020-08-21T09:23:34.827057-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
15 | 2020-08-21T09:28:36.283316-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
16 | 2020-08-21T09:43:41.328111-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
17 | 2020-08-21T09:58:45.600678-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
18 | 2020-08-21T10:03:46.948987-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
19 | 2020-08-21T10:23:52.347035-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
20 | 2020-08-21T10:28:53.671578-0700 | 89.44.9.186 | 10.8.21.163 | ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
DNS: 215 items (showing 1-20)

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2020-08-21T08:03:06.517729-0700 | 10.8.21.163 | 10.8.21.8 | query | Pizza-Bender-DC.pizza-bender.com | A | (not set)
2 | 2020-08-21T08:03:06.813568-0700 | 10.8.21.163 | 10.8.21.8 | query | licensing.mp.microsoft.com | A | (not set)
3 | 2020-08-21T08:03:07.313768-0700 | 10.8.21.163 | 10.8.21.8 | query | client.wns.windows.com | A | (not set)
4 | 2020-08-21T08:03:07.171983-0700 | 10.8.21.8 | 10.8.21.163 | answer | licensing.mp.microsoft.com | A | (not set)
5 | 2020-08-21T08:03:06.518134-0700 | 10.8.21.8 | 10.8.21.163 | answer | Pizza-Bender-DC.pizza-bender.com | A | (not set)
6 | 2020-08-21T08:03:07.458634-0700 | 10.8.21.8 | 10.8.21.163 | answer | client.wns.windows.com | A | (not set)
7 | 2020-08-21T08:03:09.235547-0700 | 10.8.21.163 | 10.8.21.8 | query | wpad.pizza-bender.com | A | (not set)
8 | 2020-08-21T08:03:25.706633-0700 | 10.8.21.163 | 10.8.21.8 | query | wpad.pizza-bender.com | A | (not set)
9 | 2020-08-21T08:03:09.427833-0700 | 10.8.21.163 | 10.8.21.8 | query | DESKTOP-OF4FE8A.pizza-bender.com | SOA | (not set)
10 | 2020-08-21T08:03:09.428158-0700 | 10.8.21.8 | 10.8.21.163 | answer | DESKTOP-OF4FE8A.pizza-bender.com | SOA | (not set)
11 | 2020-08-21T08:03:09.430016-0700 | 10.8.21.163 | 10.8.21.8 | query | pizza-bender.com | SOA | (not set)
12 | 2020-08-21T08:03:09.433829-0700 | 10.8.21.163 | 10.8.21.8 | query | 21.8.10.in-addr.arpa | SOA | (not set)
13 | 2020-08-21T08:03:10.172471-0700 | 10.8.21.163 | 10.8.21.8 | query | Pizza-Bender-DC.pizza-bender.com | A | (not set)
14 | 2020-08-21T08:03:10.172921-0700 | 10.8.21.8 | 10.8.21.163 | answer | Pizza-Bender-DC.pizza-bender.com | A | (not set)
15 | 2020-08-21T08:03:09.235839-0700 | 10.8.21.8 | 10.8.21.163 | answer | wpad.pizza-bender.com | A | (not set)
16 | 2020-08-21T08:03:09.431888-0700 | 10.8.21.163 | 10.8.21.8 | query | 163.21.8.10.in-addr.arpa | SOA | (not set)
17 | 2020-08-21T08:03:09.432108-0700 | 10.8.21.8 | 10.8.21.163 | answer | 163.21.8.10.in-addr.arpa | SOA | (not set)
18 | 2020-08-21T08:03:09.751724-0700 | 10.8.21.163 | 10.8.21.8 | query | dns.msftncsi.com | A | (not set)
19 | 2020-08-21T08:03:09.891575-0700 | 10.8.21.8 | 10.8.21.163 | answer | dns.msftncsi.com | A | (not set)
20 | 2020-08-21T08:03:25.706888-0700 | 10.8.21.8 | 10.8.21.163 | answer | wpad.pizza-bender.com | A | (not set)
TLS: 84 items (showing 1-20)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2020-08-21T08:03:08.300013-0700 | 10.8.21.163 | 40.91.76.238 | TLS 1.2 | licensing.mp.microsoft.com
2 | 2020-08-21T08:03:07.473629-0700 | 10.8.21.163 | 40.91.76.238 | TLS 1.2 | licensing.mp.microsoft.com
3 | 2020-08-21T08:03:07.664858-0700 | 10.8.21.163 | 52.242.211.89 | TLS 1.2 | client.wns.windows.com
4 | 2020-08-21T08:04:05.771542-0700 | 10.8.21.163 | 204.79.197.200 | TLS 1.2 | www.bing.com
5 | 2020-08-21T08:04:24.668724-0700 | 10.8.21.163 | 23.11.218.99 | TLS 1.2 | storeedgefd.dsx.mp.microsoft.com
6 | 2020-08-21T08:03:10.547435-0700 | 10.8.21.163 | 52.242.211.89 | TLS 1.2 | client.wns.windows.com
7 | 2020-08-21T08:04:24.556556-0700 | 10.8.21.163 | 23.11.218.99 | TLS 1.2 | storeedgefd.dsx.mp.microsoft.com
8 | 2020-08-21T08:04:25.687321-0700 | 10.8.21.163 | 52.114.132.73 | TLS 1.2 | self.events.data.microsoft.com
9 | 2020-08-21T08:04:35.448132-0700 | 10.8.21.163 | 23.11.218.99 | TLS 1.2 | livetileedge.dsx.mp.microsoft.com
10 | 2020-08-21T08:04:58.817830-0700 | 10.8.21.163 | 23.7.91.168 | TLS 1.2 | support.oracle.com
11 | 2020-08-21T08:05:11.926635-0700 | 10.8.21.163 | 104.244.42.131 | TLS 1.2 | help.twitter.com
12 | 2020-08-21T08:05:18.647506-0700 | 10.8.21.163 | 104.95.64.77 | TLS 1.2 | support.apple.com
13 | 2020-08-21T08:04:16.006561-0700 | 10.8.21.163 | 52.109.2.16 | TLS 1.2 | officeclient.microsoft.com
14 | 2020-08-21T08:08:10.294500-0700 | 10.8.21.163 | 89.44.9.186 | TLS 1.2 | ciliabba.cyou
15 | 2020-08-21T08:04:16.889458-0700 | 10.8.21.163 | 40.126.0.70 | TLS 1.2 | login.microsoftonline.com
16 | 2020-08-21T08:04:59.367206-0700 | 10.8.21.163 | 23.7.91.168 | TLS 1.2 | support.oracle.com
17 | 2020-08-21T08:05:00.086777-0700 | 10.8.21.163 | 96.6.84.22 | TLS 1.2 | www.oracle.com
18 | 2020-08-21T08:05:22.365859-0700 | 10.8.21.163 | 52.109.76.32 | TLS 1.2 | nexusrules.officeapps.live.com
19 | 2020-08-21T08:05:25.101458-0700 | 10.8.21.163 | 45.147.231.132 | TLS 1.2 | ldrbravo.casa
20 | 2020-08-21T08:10:54.563795-0700 | 10.8.21.163 | 40.91.76.238 | TLS 1.2 | licensing.mp.microsoft.com
TFTP: 0 items

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP: 5 items (showing 1-5)

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2020-08-21T08:53:02.852019-0700 | 10.8.21.163 | ctldl.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0bd913661fd13de5 | 304
2 | 2020-08-21T08:53:03.030946-0700 | 10.8.21.163 | ctldl.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?85c021281c90a293 | 304
3 | 2020-08-21T08:04:26.746351-0700 | 10.8.21.163 | ncznw6a.com | 80 | GET | /dujok/kevyl.php?l=ranec11.cab | 200
4 | 2020-08-21T09:53:04.103630-0700 | 10.8.21.163 | ctldl.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7c8acc11913b9129 | 304
5 | 2020-08-21T09:53:04.234955-0700 | 10.8.21.163 | ctldl.windowsupdate.com | 80 | GET | /msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?16d4b64f30ea9632 | 304
SMB: 169 items (showing 1-20)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
1 | 2020-08-21T08:03:10.176025-0700 | 10.8.21.163 | 10.8.21.8 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
2 | 2020-08-21T08:03:10.177727-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
3 | 2020-08-21T08:03:10.180611-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 118747255799825 | 0
4 | 2020-08-21T08:03:10.181161-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 118747255799825 | 1
5 | 2020-08-21T08:03:10.181453-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799825 | 1
6 | 2020-08-21T08:03:10.182356-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799825 | 1
7 | 2020-08-21T08:03:20.954290-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_TREE_DISCONNECT | 118747255799825 | 1
8 | 2020-08-21T08:03:20.955083-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_SESSION_LOGOFF | 118747255799825 | 0
9 | 2020-08-21T08:04:02.194598-0700 | 10.8.21.163 | 10.8.21.8 | 2.?? | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
10 | 2020-08-21T08:04:02.217963-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0
11 | 2020-08-21T08:04:02.232370-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 118747255799829 | 0
12 | 2020-08-21T08:04:02.237357-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_SESSION_SETUP | 118747255799829 | 0
13 | 2020-08-21T08:04:02.238623-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_TREE_CONNECT | 118747255799829 | 1
14 | 2020-08-21T08:04:02.248091-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799829 | 1
15 | 2020-08-21T08:04:02.256323-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_CREATE | 118747255799829 | 1
16 | 2020-08-21T08:04:02.259328-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_WRITE | 118747255799829 | 1
17 | 2020-08-21T08:04:02.260023-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799829 | 1
18 | 2020-08-21T08:04:02.260839-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799829 | 1
19 | 2020-08-21T08:04:02.261584-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799829 | 1
20 | 2020-08-21T08:04:02.262140-0700 | 10.8.21.163 | 10.8.21.8 | 3.11 | SMB2_COMMAND_IOCTL | 118747255799829 | 1
SMTP: 0 items

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow: 278 items (showing 1-20)

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2020-08-21T08:04:24.846075-0700 | 987073178405169 | flow | 10.8.21.163 | 54511 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
2 | 2020-08-21T08:04:24.846075-0700 | 505942351949622 | flow | 10.8.21.163 | 137 | 10.8.21.255 | 137 | UDP | pcapanalyzer
3 | 2020-08-21T10:24:26.424681-0700 | 1407559323664935 | flow | 10.8.21.163 | 61284 | 89.44.9.186 | 443 | TCP | pcapanalyzer
4 | 2020-08-21T10:24:26.424681-0700 | 1127041986212017 | flow | 10.8.21.163 | 61270 | 89.44.9.186 | 443 | TCP | pcapanalyzer
5 | 2020-08-21T10:24:26.424681-0700 | 2112367554183131 | flow | 10.8.21.163 | 61255 | 10.8.21.8 | 49667 | TCP | pcapanalyzer
6 | 2020-08-21T10:24:26.424681-0700 | 1690687625718158 | flow | 10.8.21.163 | 54434 | 10.8.21.8 | 53 | UDP | pcapanalyzer
7 | 2020-08-21T10:24:26.424681-0700 | 987073209595111 | flow | 10.8.21.163 | 54511 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
8 | 2020-08-21T10:24:26.424681-0700 | 1972647942355568 | flow | 10.8.21.163 | 61239 | 52.114.132.73 | 443 | TCP | pcapanalyzer
9 | 2020-08-21T10:24:26.424681-0700 | 1128596665780306 | flow | 10.8.21.163 | 61235 | 89.44.9.186 | 443 | TCP | pcapanalyzer
10 | 2020-08-21T10:24:26.424681-0700 | 987949351765490 | flow | 10.8.21.163 | 61182 | 52.242.211.89 | 443 | TCP | pcapanalyzer
11 | 2020-08-21T10:24:26.424681-0700 | 144422073426071 | flow | 10.8.21.163 | 61193 | 10.8.21.8 | 88 | TCP | pcapanalyzer
12 | 2020-08-21T10:24:26.424681-0700 | 1270553909435433 | flow | 10.8.21.163 | 61206 | 10.8.21.8 | 389 | TCP | pcapanalyzer
13 | 2020-08-21T10:24:26.424681-0700 | 1411299986828119 | flow | 10.8.21.163 | 58909 | 10.8.21.8 | 53 | UDP | pcapanalyzer
14 | 2020-08-21T10:24:26.424681-0700 | 1974786807554992 | flow | 10.8.21.163 | 61183 | 40.91.76.238 | 443 | TCP | pcapanalyzer
15 | 2020-08-21T10:24:26.424681-0700 | 4677060519580 | flow | 10.8.21.163 | 61298 | 10.8.21.8 | 389 | TCP | pcapanalyzer
16 | 2020-08-21T10:24:26.424681-0700 | 1975221076235285 | flow | 10.8.21.163 | 61785 | 10.8.21.8 | 53 | UDP | pcapanalyzer
17 | 2020-08-21T10:24:26.424681-0700 | 1975401164973311 | flow | 10.8.21.163 | 61275 | 10.8.21.8 | 445 | TCP | pcapanalyzer
18 | 2020-08-21T10:24:26.424681-0700 | 710584678719268 | flow | 10.8.21.163 | 138 | 10.8.21.8 | 138 | UDP | pcapanalyzer
19 | 2020-08-21T10:24:26.424681-0700 | 2118930212264409 | flow | 10.8.21.163 | 61216 | 96.6.84.22 | 443 | TCP | pcapanalyzer
20 | 2020-08-21T10:24:26.424681-0700 | 2119059172126051 | flow | 10.8.21.163 | 61269 | 10.8.21.8 | 445 | TCP | pcapanalyzer
File: 5 items (showing 1-5)

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2020-08-21T08:04:26.746351-0700 | 45.12.4.190 | 10.8.21.163 | ranec11.cab | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | 304640
2 | 2020-08-21T09:30:00.315824-0700 | 10.8.21.8 | 10.8.21.163 | pizza-bender.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | 1098
3 | 2020-08-21T09:30:00.321852-0700 | 10.8.21.8 | 10.8.21.163 | pizza-bender.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Registry.pol | data | 2800
4 | 2020-08-21T09:30:00.324100-0700 | 10.8.21.8 | 10.8.21.163 | pizza-bender.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22
5 | 2020-08-21T09:30:00.327964-0700 | 10.8.21.8 | 10.8.21.163 | pizza-bender.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini | ASCII text, with CRLF line terminators | 22

Comments: (not set)
