004.pcap

MD5: d82402a41d77a5bbbe7b40afe857755e
Submission Date: 2020-12-12 01:54:34
Tags: (not set)
Alert 87
Showing 1-20 of 87 items.
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2020-11-10T02:40:41.962021-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 2 | 2020-11-10T02:40:41.962981-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 3 | 2020-11-10T02:40:41.964651-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 4 | 2020-11-10T02:40:42.019847-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 5 | 2020-11-10T02:40:42.020445-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 6 | 2020-11-10T02:40:41.964889-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 7 | 2020-11-10T02:40:42.015181-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 8 | 2020-11-10T02:40:42.064008-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 9 | 2020-11-10T02:40:42.014757-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 10 | 2020-11-10T02:40:42.021529-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 11 | 2020-11-10T02:40:42.066206-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 12 | 2020-11-10T02:40:42.484434-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 13 | 2020-11-10T02:40:42.071493-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 14 | 2020-11-10T02:40:42.178396-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 15 | 2020-11-10T02:40:42.281221-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 16 | 2020-11-10T02:40:42.331009-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 17 | 2020-11-10T02:40:42.071058-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 18 | 2020-11-10T02:40:43.110025-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 19 | 2020-11-10T02:40:42.795181-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |
| 20 | 2020-11-10T02:40:42.071285-0800 | 192.168.195.147 | 192.168.195.146 | ET SCAN Possible Nmap User-Agent Observed | * |

DNS 155
Showing 1-20 of 155 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-11-10T02:38:54.142999-0800 | 192.168.195.161 | 192.168.195.2 | query | tile-service.weather.microsoft.com | A | (not set) |
| 2 | 2020-11-10T02:38:54.144326-0800 | 192.168.195.2 | 192.168.195.161 | answer | tile-service.weather.microsoft.com | A | (not set) |
| 3 | 2020-11-10T02:39:02.696138-0800 | 192.168.195.161 | 192.168.195.2 | query | slscr.update.microsoft.com | A | (not set) |
| 4 | 2020-11-10T02:39:02.697697-0800 | 192.168.195.2 | 192.168.195.161 | answer | slscr.update.microsoft.com | A | (not set) |
| 5 | 2020-11-10T02:39:07.624034-0800 | 192.168.195.161 | 192.168.195.2 | query | fe3cr.delivery.mp.microsoft.com | A | (not set) |
| 6 | 2020-11-10T02:39:07.625421-0800 | 192.168.195.2 | 192.168.195.161 | answer | fe3cr.delivery.mp.microsoft.com | A | (not set) |
| 7 | 2020-11-10T02:39:05.529135-0800 | 192.168.195.161 | 192.168.195.2 | query | v10.events.data.microsoft.com | A | (not set) |
| 8 | 2020-11-10T02:39:05.531585-0800 | 192.168.195.2 | 192.168.195.161 | answer | v10.events.data.microsoft.com | A | (not set) |
| 9 | 2020-11-10T02:39:23.200489-0800 | 192.168.195.161 | 192.168.195.2 | query | v10.events.data.microsoft.com | A | (not set) |
| 10 | 2020-11-10T02:39:23.227412-0800 | 192.168.195.161 | 192.168.195.2 | query | v10.events.data.microsoft.com | A | (not set) |
| 11 | 2020-11-10T02:39:23.255481-0800 | 192.168.195.2 | 192.168.195.161 | answer | v10.events.data.microsoft.com | A | (not set) |
| 12 | 2020-11-10T02:39:23.255481-0800 | 192.168.195.2 | 192.168.195.161 | answer | v10.events.data.microsoft.com | A | (not set) |
| 13 | 2020-11-10T02:39:34.215169-0800 | 192.168.195.161 | 192.168.195.2 | query | v10.events.data.microsoft.com | A | (not set) |
| 14 | 2020-11-10T02:39:34.235141-0800 | 192.168.195.161 | 192.168.195.2 | query | v10.events.data.microsoft.com | A | (not set) |
| 15 | 2020-11-10T02:39:34.268338-0800 | 192.168.195.2 | 192.168.195.161 | answer | v10.events.data.microsoft.com | A | (not set) |
| 16 | 2020-11-10T02:39:34.268338-0800 | 192.168.195.2 | 192.168.195.161 | answer | v10.events.data.microsoft.com | A | (not set) |
| 17 | 2020-11-10T02:40:16.498954-0800 | 192.168.195.146 | 192.168.195.2 | query | connectivity-check.ubuntu.com | A | (not set) |
| 18 | 2020-11-10T02:40:16.500361-0800 | 192.168.195.2 | 192.168.195.146 | answer | connectivity-check.ubuntu.com | A | (not set) |
| 19 | 2020-11-10T02:40:48.332078-0800 | 192.168.195.147 | 192.168.195.2 | query | safebrowsing.googleapis.com | A | (not set) |
| 20 | 2020-11-10T02:40:48.334493-0800 | 192.168.195.2 | 192.168.195.147 | answer | safebrowsing.googleapis.com | A | (not set) |

TLS 25
Showing 1-20 of 25 items.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2020-11-10T02:39:05.994306-0800 | 192.168.195.161 | 52.114.77.34 | TLS 1.2 | v10.events.data.microsoft.com |
| 2 | 2020-11-10T02:39:03.122866-0800 | 192.168.195.161 | 40.125.122.176 | TLS 1.2 | slscr.update.microsoft.com |
| 3 | 2020-11-10T02:39:08.049213-0800 | 192.168.195.161 | 40.125.122.151 | TLS 1.2 | fe3cr.delivery.mp.microsoft.com |
| 4 | 2020-11-10T02:39:23.700416-0800 | 192.168.195.161 | 52.114.77.34 | TLS 1.2 | v10.events.data.microsoft.com |
| 5 | 2020-11-10T02:39:34.703068-0800 | 192.168.195.161 | 52.114.77.34 | TLS 1.2 | v10.events.data.microsoft.com |
| 6 | 2020-11-10T02:40:44.894228-0800 | 192.168.195.147 | 192.168.195.146 | 0x3230 | (not set) |
| 7 | 2020-11-10T02:40:48.528679-0800 | 192.168.195.147 | 172.217.160.202 | TLS 1.3 | safebrowsing.googleapis.com |
| 8 | 2020-11-10T02:42:43.929891-0800 | 192.168.195.147 | 192.168.195.162 | TLSv1 | (not set) |
| 9 | 2020-11-10T02:42:50.826902-0800 | 192.168.195.147 | 192.168.195.162 | TLSv1 | (not set) |
| 10 | 2020-11-10T02:42:50.846091-0800 | 192.168.195.147 | 192.168.195.162 | TLSv1 | (not set) |
| 11 | 2020-11-10T02:42:50.860248-0800 | 192.168.195.147 | 192.168.195.162 | TLSv1 | (not set) |
| 12 | 2020-11-10T02:42:50.882519-0800 | 192.168.195.147 | 192.168.195.162 | UNDETERMINED | (not set) |
| 13 | 2020-11-10T02:42:50.887303-0800 | 192.168.195.147 | 192.168.195.162 | UNDETERMINED | (not set) |
| 14 | 2020-11-10T02:42:50.869217-0800 | 192.168.195.147 | 192.168.195.162 | TLSv1 | (not set) |
| 15 | 2020-11-10T02:45:10.261817-0800 | 192.168.195.161 | 168.63.154.101 | TLS 1.2 | checkappexec.microsoft.com |
| 16 | 2020-11-10T02:45:29.906246-0800 | 192.168.195.161 | 168.63.154.101 | TLS 1.2 | checkappexec.microsoft.com |
| 17 | 2020-11-10T02:42:50.831175-0800 | 192.168.195.147 | 192.168.195.162 | 0x3230 | (not set) |
| 18 | 2020-11-10T02:42:50.841702-0800 | 192.168.195.147 | 192.168.195.162 | 0x3230 | (not set) |
| 19 | 2020-11-10T02:45:37.195115-0800 | 192.168.195.161 | 40.126.12.32 | TLS 1.2 | login.live.com |
| 20 | 2020-11-10T02:42:50.871323-0800 | 192.168.195.147 | 192.168.195.162 | 0x3230 | (not set) |

TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
No results found.
HTTP 151
Showing 1-20 of 151 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-11-10T02:38:54.321148-0800 | 192.168.195.161 | tile-service.weather.microsoft.com | 80 | GET | /en-US/livetile/preinstall?region=US&appid=C98EA5B0842DBB9405BBF071E1DA76512D21FE36&FORM=Threshold | 200 |
| 2 | 2020-11-10T02:40:26.073451-0800 | 192.168.195.146 | connectivity-check.ubuntu.com | 80 | GET | / | 204 |
| 3 | 2020-11-10T02:40:40.399785-0800 | 192.168.195.147 | (not set) | 80 | GET | / | 200 |
| 4 | 2020-11-10T02:40:41.962021-0800 | 192.168.195.147 | range.org | 80 | GET | /nmaplowercheck1605004841 | 404 |
| 5 | 2020-11-10T02:40:41.964244-0800 | 192.168.195.147 | range.org | 80 | GET | / | 200 |
| 6 | 2020-11-10T02:40:41.964651-0800 | 192.168.195.147 | range.org | 80 | PROPFIND | / | 405 |
| 7 | 2020-11-10T02:40:42.019847-0800 | 192.168.195.147 | range.org | 80 | GET | /robots.txt | 404 |
| 8 | 2020-11-10T02:40:42.020445-0800 | 192.168.195.147 | range.org | 80 | GET | /.git/HEAD | 404 |
| 9 | 2020-11-10T02:40:41.964889-0800 | 192.168.195.147 | range.org | 80 | POST | /sdk | 404 |
| 10 | 2020-11-10T02:40:41.966075-0800 | 192.168.195.147 | (not set) | 80 | GET | / | 200 |
| 11 | 2020-11-10T02:40:42.014757-0800 | 192.168.195.147 | range.org | 80 | OPTIONS | / | 200 |
| 12 | 2020-11-10T02:40:42.021529-0800 | 192.168.195.147 | range.org | 80 | OPTIONS | / | 200 |
| 13 | 2020-11-10T02:40:42.064012-0800 | 192.168.195.147 | range.org | 80 | POST | / | 200 |
| 14 | 2020-11-10T02:40:42.015181-0800 | 192.168.195.147 | range.org | 80 | PROPFIND | / | 405 |
| 15 | 2020-11-10T02:40:42.066206-0800 | 192.168.195.147 | range.org | 80 | OPTIONS | / | 200 |
| 16 | 2020-11-10T02:40:42.484434-0800 | 192.168.195.147 | range.org | 80 | OPTIONS | / | 200 |
| 17 | 2020-11-10T02:40:42.071493-0800 | 192.168.195.147 | range.org | 80 | OPTIONS | / | 200 |
| 18 | 2020-11-10T02:40:42.178396-0800 | 192.168.195.147 | range.org | 80 | GET | /favicon.ico | 404 |
| 19 | 2020-11-10T02:40:42.281911-0800 | 192.168.195.147 | range.org | 80 | GET | / | 200 |
| 20 | 2020-11-10T02:40:42.071058-0800 | 192.168.195.147 | range.org | 80 | GET | /HNAP1 | 404 |

SMB 39
Showing 1-20 of 39 items.
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
| 1 | 2020-11-10T02:42:35.179108-0800 | 192.168.195.147 | 192.168.195.162 | NT LANMAN 1.0 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 2 | 2020-11-10T02:42:35.406873-0800 | 192.168.195.147 | 192.168.195.162 | unknown | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 3 | 2020-11-10T02:42:40.183033-0800 | 192.168.195.147 | 192.168.195.162 | NT LANMAN 1.0 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 4 | 2020-11-10T02:42:42.364709-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 5 | 2020-11-10T02:42:42.574737-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 6 | 2020-11-10T02:42:43.816402-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 100 | 0 |
| 7 | 2020-11-10T02:42:42.517585-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 0 | 0 |
| 8 | 2020-11-10T02:42:42.575013-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 100 | 0 |
| 9 | 2020-11-10T02:42:43.932372-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 10 | 2020-11-10T02:42:43.771230-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_LOGOFF_ANDX | 100 | 0 |
| 11 | 2020-11-10T02:42:44.059092-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 100 | 0 |
| 12 | 2020-11-10T02:42:44.060429-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_TREE_CONNECT_ANDX | 101 | 1 |
| 13 | 2020-11-10T02:42:44.135080-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NT_CREATE_ANDX | 101 | 1 |
| 14 | 2020-11-10T02:42:44.243748-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_TREE_DISCONNECT | 101 | 1 |
| 15 | 2020-11-10T02:42:44.247302-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_LOGOFF_ANDX | 101 | 0 |
| 16 | 2020-11-10T02:42:43.972227-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |
| 17 | 2020-11-10T02:42:44.385859-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_LOGOFF_ANDX | 101 | 0 |
| 18 | 2020-11-10T02:42:44.385999-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 100 | 0 |
| 19 | 2020-11-10T02:42:44.483936-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_SESSION_SETUP_ANDX | 100 | 0 |
| 20 | 2020-11-10T02:42:44.541492-0800 | 192.168.195.147 | 192.168.195.162 | NT LM 0.12 | SMB1_COMMAND_NEGOTIATE_PROTOCOL | 0 | 0 |

SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|
No results found.
Flow 2494
Showing 1-20 of 2,494 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-11-10T02:39:53.707240-0800 | 1290706087010613 | flow | 192.168.195.146 | 49995 | 192.168.195.157 | 1514 | UDP | pcapanalyzer |
| 2 | 2020-11-10T02:39:53.707240-0800 | 610336022500042 | flow | 192.168.195.161 | 138 | 192.168.195.255 | 138 | UDP | pcapanalyzer |
| 3 | 2020-11-10T02:42:42.517585-0800 | 1434830160476929 | flow | 0.0.0.0 | 68 | 255.255.255.255 | 67 | UDP | pcapanalyzer |
| 4 | 2020-11-10T02:42:42.517903-0800 | 1019710833900289 | flow | 192.168.195.254 | 67 | 192.168.195.157 | 68 | UDP | pcapanalyzer |
| 5 | 2020-11-10T02:42:42.518452-0800 | 844589986612739 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 3007 | TCP | pcapanalyzer |
| 6 | 2020-11-10T02:42:42.518452-0800 | 1266864728737091 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 1112 | TCP | pcapanalyzer |
| 7 | 2020-11-10T02:42:42.518452-0800 | 1830186196805359 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 667 | TCP | pcapanalyzer |
| 8 | 2020-11-10T02:42:42.518452-0800 | 2111682648357302 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 8651 | TCP | pcapanalyzer |
| 9 | 2020-11-10T02:42:42.519076-0800 | 845079612910205 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 8010 | TCP | pcapanalyzer |
| 10 | 2020-11-10T02:42:42.520500-0800 | 2111899544242579 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 5566 | TCP | pcapanalyzer |
| 11 | 2020-11-10T02:42:42.520645-0800 | 1126842352445996 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 10012 | TCP | pcapanalyzer |
| 12 | 2020-11-10T02:42:42.526245-0800 | 2112309713613924 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 80 | TCP | pcapanalyzer |
| 13 | 2020-11-10T02:42:42.526245-0800 | 1972179963107259 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 4567 | TCP | pcapanalyzer |
| 14 | 2020-11-10T02:42:42.526245-0800 | 1831582061168340 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 4443 | TCP | pcapanalyzer |
| 15 | 2020-11-10T02:42:42.528192-0800 | 2029072287212 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 3372 | TCP | pcapanalyzer |
| 16 | 2020-11-10T02:42:42.528192-0800 | 565067072577755 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 1875 | TCP | pcapanalyzer |
| 17 | 2020-11-10T02:42:42.528192-0800 | 1409807682802950 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 6881 | TCP | pcapanalyzer |
| 18 | 2020-11-10T02:42:42.570481-0800 | 283907775968400 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 62078 | TCP | pcapanalyzer |
| 19 | 2020-11-10T02:42:42.570649-0800 | 1972800585899126 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 8292 | TCP | pcapanalyzer |
| 20 | 2020-11-10T02:42:42.570821-0800 | 1128412162964936 | flow | 192.168.195.147 | 58653 | 192.168.195.146 | 1026 | TCP | pcapanalyzer |

File 149
Showing 1-20 of 149 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-11-10T02:38:54.321148-0800 | 96.7.111.240 | 192.168.195.161 | /en-US/livetile/preinstall | XML 1.0 document, UTF-8 Unicode text, with very long lines, with no line terminators | 4298 |
| 2 | 2020-11-10T02:40:40.399785-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 3 | 2020-11-10T02:40:41.962021-0800 | 192.168.195.146 | 192.168.195.147 | /nmaplowercheck1605004841 | HTML document, ASCII text | 271 |
| 4 | 2020-11-10T02:40:41.961400-0800 | 192.168.195.147 | 192.168.195.146 | / | ASCII text, with no line terminators | 88 |
| 5 | 2020-11-10T02:40:41.964244-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 6 | 2020-11-10T02:40:41.960966-0800 | 192.168.195.147 | 192.168.195.146 | /sdk | ASCII text, with very long lines, with no line terminators | 441 |
| 7 | 2020-11-10T02:40:41.964651-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 300 |
| 8 | 2020-11-10T02:40:42.019847-0800 | 192.168.195.146 | 192.168.195.147 | /robots.txt | HTML document, ASCII text | 271 |
| 9 | 2020-11-10T02:40:42.020445-0800 | 192.168.195.146 | 192.168.195.147 | /.git/HEAD | HTML document, ASCII text | 271 |
| 10 | 2020-11-10T02:40:41.964889-0800 | 192.168.195.146 | 192.168.195.147 | /sdk | HTML document, ASCII text | 271 |
| 11 | 2020-11-10T02:40:41.966075-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 12 | 2020-11-10T02:40:42.064012-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 13 | 2020-11-10T02:40:42.015181-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 300 |
| 14 | 2020-11-10T02:40:42.178396-0800 | 192.168.195.146 | 192.168.195.147 | /favicon.ico | HTML document, ASCII text | 271 |
| 15 | 2020-11-10T02:40:42.281911-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 16 | 2020-11-10T02:40:42.071058-0800 | 192.168.195.146 | 192.168.195.147 | /HNAP1 | HTML document, ASCII text | 271 |
| 17 | 2020-11-10T02:40:44.882360-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 10918 |
| 18 | 2020-11-10T02:40:42.071285-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 300 |
| 19 | 2020-11-10T02:40:42.074147-0800 | 192.168.195.146 | 192.168.195.147 | /evox/about | HTML document, ASCII text | 271 |
| 20 | 2020-11-10T02:40:42.074622-0800 | 192.168.195.146 | 192.168.195.147 | / | HTML document, ASCII text | 279 |

Comments: (not set)
