capt.pcap

MD5: dca22f0260fde013924a6c7609d1dcc6
Submission Date: 2020-09-28 23:33:08
Tags: (not set)
Alert 2
Showing 1-2 of 2 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2020-09-21T06:20:19.129264-0700 | 51.83.239.143 | 192.168.2.105 | ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) | * |
| 2 | 2020-09-21T06:20:20.911133-0700 | 192.168.2.105 | 91.195.241.136 | ET INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel | * |
DNS 196
Showing 1-20 of 196 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-09-21T06:20:18.193660-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | BAHRAMII-PC.lunico.com | SOA | (not set) |
| 2 | 2020-09-21T06:20:18.182564-0700 | 192.168.2.105 | 8.8.8.8 | query | isatap.lunico.com | A | (not set) |
| 3 | 2020-09-21T06:20:18.411897-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lunico.com | SRV | (not set) |
| 4 | 2020-09-21T06:20:18.443879-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.lunico.com | SRV | (not set) |
| 5 | 2020-09-21T06:20:18.446137-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | isatap.lunico.com | A | (not set) |
| 6 | 2020-09-21T06:20:18.194560-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | BAHRAMII-PC.lunico.com | SOA | (not set) |
| 7 | 2020-09-21T06:20:18.446920-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | isatap.lunico.com | A | (not set) |
| 8 | 2020-09-21T06:20:18.210215-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | ns1.sedoparking.com | A | (not set) |
| 9 | 2020-09-21T06:20:18.211116-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | ns1.sedoparking.com | A | (not set) |
| 10 | 2020-09-21T06:20:18.213138-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | ns1.sedoparking.com | AAAA | (not set) |
| 11 | 2020-09-21T06:20:18.250663-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | ns1.sedoparking.com | AAAA | (not set) |
| 12 | 2020-09-21T06:20:18.252096-0700 | 192.168.2.105 | 91.195.241.8 | query | BAHRAMII-PC.lunico.com | SOA | (not set) |
| 13 | 2020-09-21T06:20:18.391522-0700 | 8.8.8.8 | 192.168.2.105 | answer | isatap.lunico.com | A | (not set) |
| 14 | 2020-09-21T06:20:18.398421-0700 | 91.195.241.8 | 192.168.2.105 | answer | BAHRAMII-PC.lunico.com | SOA | (not set) |
| 15 | 2020-09-21T06:20:18.446207-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | _ldap._tcp.dc._msdcs.lunico.com | SRV | (not set) |
| 16 | 2020-09-21T06:20:18.483585-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | _ldap._tcp.dc._msdcs.lunico.com | SRV | (not set) |
| 17 | 2020-09-21T06:20:18.573271-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | relay-41acf9cf.net.anydesk.com | A | (not set) |
| 18 | 2020-09-21T06:20:18.615698-0700 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | answer | relay-41acf9cf.net.anydesk.com | A | (not set) |
| 19 | 2020-09-21T06:20:18.841973-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | wpad.lunico.com | AAAA | (not set) |
| 20 | 2020-09-21T06:20:18.842310-0700 | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | fe80:0000:0000:0000:1244:00ff:fecb:4533 | query | wpad.lunico.com | A | (not set) |
TLS 7
Showing 1-7 of 7 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2020-09-21T06:20:18.895422-0700 | 192.168.2.105 | 51.83.239.143 | TLS 1.2 | (not set) |
| 2 | 2020-09-21T06:21:46.415781-0700 | 192.168.2.105 | 34.210.106.102 | TLS 1.2 | incoming.telemetry.mozilla.org |
| 3 | 2020-09-21T06:21:46.677711-0700 | 192.168.2.105 | 34.210.106.102 | TLS 1.2 | incoming.telemetry.mozilla.org |
| 4 | 2020-09-21T06:21:46.710155-0700 | 192.168.2.105 | 34.210.106.102 | TLS 1.2 | incoming.telemetry.mozilla.org |
| 5 | 2020-09-21T06:22:13.733482-0700 | 192.168.2.105 | 62.67.238.151 | TLS 1.2 | ds.kaspersky.com |
| 6 | 2020-09-21T06:20:43.253411-0700 | 192.168.2.105 | 62.128.101.1 | TLS 1.2 | dc1-st.ksn.kaspersky-labs.com |
| 7 | 2020-09-21T06:21:46.432037-0700 | 192.168.2.105 | 34.210.106.102 | TLS 1.2 | incoming.telemetry.mozilla.org |
TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.
HTTP 7
Showing 1-7 of 7 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-09-21T06:20:19.659869-0700 | 192.168.2.105 | detectportal.firefox.com | 80 | GET | /success.txt?ipv4 | 200 |
| 2 | 2020-09-21T06:20:21.004658-0700 | 192.168.2.105 | www.msftncsi.com | 80 | GET | /ncsi.txt | 200 |
| 3 | 2020-09-21T06:20:19.865924-0700 | 192.168.2.105 | detectportal.firefox.com | 80 | GET | /success.txt | 200 |
| 4 | 2020-09-21T06:20:19.943826-0700 | 192.168.2.105 | detectportal.firefox.com | 80 | GET | /success.txt?ipv4 | 200 |
| 5 | 2020-09-21T06:20:20.911133-0700 | 192.168.2.105 | 91.195.241.136 | 80 | GET | /wpad.dat | 403 |
| 6 | 2020-09-21T06:21:19.717698-0700 | 192.168.2.105 | detectportal.firefox.com | 80 | GET | /success.txt | 200 |
| 7 | 2020-09-21T06:21:19.811276-0700 | 192.168.2.105 | detectportal.firefox.com | 80 | GET | /success.txt?ipv4 | 200 |
SMB 0
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.
Flow 212
Showing 1-20 of 212 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-09-21T06:22:22.181742-0700 | 140761799463383 | flow | 192.168.2.105 | 59142 | 82.202.184.133 | 443 | TCP | pcapanalyzer |
| 2 | 2020-09-21T06:22:22.181742-0700 | 1972221746009117 | flow | 192.168.2.105 | 50780 | 239.255.102.18 | 50003 | UDP | pcapanalyzer |
| 3 | 2020-09-21T06:22:22.181742-0700 | 846386264760147 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 51837 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 4 | 2020-09-21T06:22:22.181742-0700 | 424410021313175 | flow | fe80:0000:0000:0000:1244:00ff:fecb:4538 | (not set) | ff02:0000:0000:0000:0000:0000:0000:0016 | (not set) | IPv6-ICMP | pcapanalyzer |
| 5 | 2020-09-21T06:22:22.181742-0700 | 987677802337024 | flow | fd10:4400:cb45:3300:e95f:d37a:7643:9e56 | (not set) | ff02:0000:0000:0000:0000:0000:0000:0001 | (not set) | IPv6-ICMP | pcapanalyzer |
| 6 | 2020-09-21T06:22:22.181742-0700 | 284621721470429 | flow | 192.168.2.105 | 50792 | 239.255.102.18 | 50003 | UDP | pcapanalyzer |
| 7 | 2020-09-21T06:22:22.181742-0700 | 848550926943614 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 51627 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 8 | 2020-09-21T06:22:22.181742-0700 | 1693594332367996 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 54039 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 9 | 2020-09-21T06:22:22.181742-0700 | 1130932148422989 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 64184 | ff02:0000:0000:0000:0000:0000:0000:000c | 3702 | UDP | pcapanalyzer |
| 10 | 2020-09-21T06:22:22.181742-0700 | 1553251988978294 | flow | 192.168.2.105 | 59138 | 192.168.1.37 | 8080 | TCP | pcapanalyzer |
| 11 | 2020-09-21T06:22:22.181742-0700 | 1835023310340027 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 55289 | ff02:0000:0000:0000:0000:0000:0001:0003 | 5355 | UDP | pcapanalyzer |
| 12 | 2020-09-21T06:22:22.181742-0700 | 850187309432978 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 53022 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 13 | 2020-09-21T06:22:22.181742-0700 | 149364611015648 | flow | 192.168.2.105 | 59080 | 91.195.241.136 | 80 | TCP | pcapanalyzer |
| 14 | 2020-09-21T06:22:22.181742-0700 | 993828195689091 | flow | 192.168.2.105 | (not set) | 91.195.241.136 | (not set) | IPv6 | pcapanalyzer |
| 15 | 2020-09-21T06:22:22.181742-0700 | 8846166575976 | flow | 192.168.2.105 | 50800 | 239.255.102.18 | 50002 | UDP | pcapanalyzer |
| 16 | 2020-09-21T06:22:22.181742-0700 | 9773878892868 | flow | 192.168.2.105 | 54006 | 239.255.102.18 | 50001 | UDP | pcapanalyzer |
| 17 | 2020-09-21T06:22:22.181742-0700 | 2120874859000866 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 61998 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 18 | 2020-09-21T06:22:22.181742-0700 | 995696506542908 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 52054 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 19 | 2020-09-21T06:22:22.181742-0700 | 292146505010879 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 63047 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
| 20 | 2020-09-21T06:22:22.181742-0700 | 1559148976780115 | flow | fe80:0000:0000:0000:1ddd:81a0:29ae:2f3b | 57942 | fe80:0000:0000:0000:1244:00ff:fecb:4533 | 53 | UDP | pcapanalyzer |
File 7
Showing 1-7 of 7 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-09-21T06:20:21.004658-0700 | 134.0.216.218 | 192.168.2.105 | /ncsi.txt | ASCII text, with no line terminators | 14 |
| 2 | 2020-09-21T06:20:19.659869-0700 | 23.58.223.202 | 192.168.2.105 | /success.txt | ASCII text | 8 |
| 3 | 2020-09-21T06:20:19.865924-0700 | 23.58.223.202 | 192.168.2.105 | /success.txt | ASCII text | 8 |
| 4 | 2020-09-21T06:20:19.943826-0700 | 23.58.223.202 | 192.168.2.105 | /success.txt | ASCII text | 8 |
| 5 | 2020-09-21T06:20:20.911133-0700 | 91.195.241.136 | 192.168.2.105 | /wpad.dat | HTML document, ASCII text, with CRLF line terminators | 150 |
| 6 | 2020-09-21T06:21:19.717698-0700 | 23.58.223.202 | 192.168.2.105 | /success.txt | ASCII text | 8 |
| 7 | 2020-09-21T06:21:19.811276-0700 | 23.58.223.202 | 192.168.2.105 | /success.txt | ASCII text | 8 |

Comments: (not set)
