01.s0i0.pcap

MD5: 788f1aecb0076330ab28631bf74683a7
Submission Date: 2019-04-09 02:36:58
Tags: (not set)
Alert (6)
Showing 1-6 of 6 items.

# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2019-04-08T06:20:52.921557-0700 | 192.168.1.213 | 103.106.250.4 | ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set | *
2 | 2019-04-08T06:21:10.442127-0700 | 192.168.1.213 | 103.106.250.4 | ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set | *
3 | 2019-04-08T06:22:33.578925-0700 | 192.168.1.213 | 203.205.255.191 | ET POLICY Http Client Body contains pwd= in cleartext | *
4 | 2019-04-08T06:21:33.468714-0700 | 192.168.1.213 | 103.7.30.118 | ET POLICY Http Client Body contains pwd= in cleartext | *
5 | 2019-04-08T06:21:33.591805-0700 | 192.168.1.213 | 203.205.255.191 | ET POLICY Http Client Body contains pwd= in cleartext | *
6 | 2019-04-08T06:22:33.706713-0700 | 192.168.1.213 | 203.205.255.191 | ET POLICY Http Client Body contains pwd= in cleartext | *
DNS (23)
Showing 1-20 of 23 items.

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-04-08T06:20:52.921655-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
2 | 2019-04-08T06:20:52.936202-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
3 | 2019-04-08T06:20:52.966669-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
4 | 2019-04-08T06:20:52.976218-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
5 | 2019-04-08T06:20:39.429244-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
6 | 2019-04-08T06:20:39.472980-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
7 | 2019-04-08T06:20:39.487264-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
8 | 2019-04-08T06:20:44.281032-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
9 | 2019-04-08T06:20:44.291686-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
10 | 2019-04-08T06:20:44.311667-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
11 | 2019-04-08T06:20:44.316539-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
12 | 2019-04-08T06:20:45.316492-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
13 | 2019-04-08T06:20:45.318331-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
14 | 2019-04-08T06:20:47.328792-0700 | 192.168.1.213 | 192.168.1.1 | query | rmadb.invencocloud.com | A | (not set)
15 | 2019-04-08T06:20:47.331300-0700 | 192.168.1.1 | 192.168.1.213 | answer | rmadb.invencocloud.com | A | (not set)
16 | 2019-04-08T06:21:10.442059-0700 | 192.168.1.213 | 192.168.1.1 | query | cdn.onenote.net | A | (not set)
17 | 2019-04-08T06:21:10.455828-0700 | 192.168.1.1 | 192.168.1.213 | answer | cdn.onenote.net | A | (not set)
18 | 2019-04-08T06:21:33.363420-0700 | 192.168.1.213 | 192.168.1.1 | query | btrace.qq.com | A | (not set)
19 | 2019-04-08T06:21:33.371688-0700 | 192.168.1.1 | 192.168.1.213 | answer | btrace.qq.com | A | (not set)
20 | 2019-04-08T06:21:33.472848-0700 | 192.168.1.213 | 192.168.1.1 | query | btrace.qq.com | A | (not set)
TLS (4)
Showing 1-4 of 4 items.

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2019-04-08T06:21:08.093976-0700 | 192.168.1.213 | 52.229.173.178 | TLS 1.2 | array702-prod.do.dsp.mp.microsoft.com
2 | 2019-04-08T06:21:10.506070-0700 | 192.168.1.213 | 103.238.151.14 | TLS 1.2 | cdn.onenote.net
3 | 2019-04-08T06:21:15.881607-0700 | 192.168.1.213 | 52.229.173.178 | TLS 1.2 | array702-prod.do.dsp.mp.microsoft.com
4 | 2019-04-08T06:21:52.198901-0700 | 192.168.1.213 | 52.229.171.86 | TLS 1.2 | array710-prod.do.dsp.mp.microsoft.com
TFTP (0)

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (6)
Showing 1-6 of 6 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-04-08T06:21:33.338007-0700 | 192.168.1.213 | 103.7.30.79 | 80 | POST | / | 200
2 | 2019-04-08T06:22:33.446154-0700 | 192.168.1.213 | 103.7.30.79 | 80 | POST | / | 200
3 | 2019-04-08T06:22:33.632708-0700 | 192.168.1.213 | btrace.qq.com | 80 | POST | /kvcollect/ | 200
4 | 2019-04-08T06:21:33.511692-0700 | 192.168.1.213 | btrace.qq.com | 80 | POST | /kvcollect/ | 200
5 | 2019-04-08T06:21:33.640130-0700 | 192.168.1.213 | btrace.qq.com | 80 | POST | /kvcollect/ | 200
6 | 2019-04-08T06:22:33.761420-0700 | 192.168.1.213 | btrace.qq.com | 80 | POST | /kvcollect/ | 200
SMB (0)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (55)
Showing 1-20 of 55 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-04-08T06:23:16.781618-0700 | 144730912805726 | flow | 192.168.1.176 | 36045 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
2 | 2019-04-08T06:23:16.781618-0700 | 1333315867229561 | flow | 192.168.1.117 | 49533 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
3 | 2019-04-08T06:23:16.781618-0700 | 565734345922115 | flow | 192.168.1.176 | 45729 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
4 | 2019-04-08T06:23:16.781618-0700 | 1143063849290958 | flow | 192.168.1.213 | (not set) | 52.221.49.2 | (not set) | ICMP | pcapanalyzer
5 | 2019-04-08T06:23:16.781618-0700 | 1848145007852710 | flow | 192.168.1.176 | 44115 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
6 | 2019-04-08T06:23:16.781618-0700 | 891056642441477 | flow | 192.168.1.1 | 1900 | 192.168.1.213 | 56884 | UDP | pcapanalyzer
7 | 2019-04-08T06:23:16.781618-0700 | 1456529889150895 | flow | 192.168.1.213 | 56884 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
8 | 2019-04-08T06:23:16.781618-0700 | 1387857657481753 | flow | 192.168.1.213 | 50311 | 103.106.250.4 | 53 | UDP | pcapanalyzer
9 | 2019-04-08T06:23:16.781618-0700 | 1271015223158387 | flow | 77.234.45.63 | 80 | 192.168.1.213 | 53089 | TCP | pcapanalyzer
10 | 2019-04-08T06:23:16.781618-0700 | 2126327893869495 | flow | 192.168.1.116 | 5353 | 224.0.0.251 | 5353 | UDP | pcapanalyzer
11 | 2019-04-08T06:23:16.781618-0700 | 1567028665301629 | flow | 192.168.1.213 | 138 | 192.168.1.255 | 138 | UDP | pcapanalyzer
12 | 2019-04-08T06:23:16.781618-0700 | 2133210579848031 | flow | 192.168.1.1 | 40585 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
13 | 2019-04-08T06:23:16.781618-0700 | 754227581549698 | flow | 192.168.1.176 | 50138 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
14 | 2019-04-08T06:23:16.781618-0700 | 2023699651886968 | flow | 192.168.1.176 | 48635 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
15 | 2019-04-08T06:23:16.781618-0700 | 1462027449882989 | flow | 192.168.1.176 | 38951 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
16 | 2019-04-08T06:23:16.781618-0700 | 1889243550509268 | flow | 192.168.1.213 | 53872 | 52.221.49.2 | 139 | TCP | pcapanalyzer
17 | 2019-04-08T06:23:16.781618-0700 | 910053287392841 | flow | 192.168.1.176 | 52348 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
18 | 2019-04-08T06:23:16.781618-0700 | 1478593141366940 | flow | 192.168.1.176 | 52837 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
19 | 2019-04-08T06:23:16.781618-0700 | 82048020475546 | flow | 192.168.1.176 | 50323 | 239.255.255.250 | 1900 | UDP | pcapanalyzer
20 | 2019-04-08T06:23:16.781618-0700 | 368333352859925 | flow | 192.168.1.213 | 53869 | 52.221.49.2 | 1433 | TCP | pcapanalyzer
File (12)
Showing 1-12 of 12 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-04-08T06:21:33.282946-0700 | 192.168.1.213 | 103.7.30.79 | / | Spectrum .TAP data "\023 " - character array | 531
2 | 2019-04-08T06:22:33.575753-0700 | 192.168.1.213 | 203.205.255.191 | /kvcollect/ | ASCII text, with very long lines, with no line terminators | 1005
3 | 2019-04-08T06:21:33.338007-0700 | 103.7.30.79 | 192.168.1.213 | / | data | 149
4 | 2019-04-08T06:22:33.381481-0700 | 192.168.1.213 | 103.7.30.79 | / | Spectrum .TAP data "\023 " - character array | 531
5 | 2019-04-08T06:22:33.446154-0700 | 103.7.30.79 | 192.168.1.213 | / | data | 148
6 | 2019-04-08T06:21:33.467590-0700 | 192.168.1.213 | 103.7.30.118 | /kvcollect/ | ASCII text, with very long lines, with no line terminators | 1004
7 | 2019-04-08T06:22:33.632708-0700 | 203.205.255.191 | 192.168.1.213 | /kvcollect/ | ASCII text, with no line terminators | 2
8 | 2019-04-08T06:21:33.511692-0700 | 103.7.30.118 | 192.168.1.213 | /kvcollect/ | ASCII text, with no line terminators | 2
9 | 2019-04-08T06:21:33.591131-0700 | 192.168.1.213 | 203.205.255.191 | /kvcollect/ | ASCII text, with very long lines, with no line terminators | 817
10 | 2019-04-08T06:21:33.640130-0700 | 203.205.255.191 | 192.168.1.213 | /kvcollect/ | ASCII text, with no line terminators | 2
11 | 2019-04-08T06:22:33.703973-0700 | 192.168.1.213 | 203.205.255.191 | /kvcollect/ | ASCII text, with very long lines, with no line terminators | 817
12 | 2019-04-08T06:22:33.761420-0700 | 203.205.255.191 | 192.168.1.213 | /kvcollect/ | ASCII text, with no line terminators | 2

Comments: (not set)
