1.pcap

MD5: 84c89c6c3dbf155149d26a0e5a4ce5d9
Submission Date: 2021-03-20 04:18:23
Tags: (not set)
Alert 947
Showing 1-20 of 947 items.

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:12.830000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 2 | 2012-03-16T09:36:12.870000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 3 | 2012-03-16T09:36:12.810000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 4 | 2012-03-16T09:36:12.830000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 5 | 2012-03-16T09:36:12.860000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 6 | 2012-03-16T09:36:12.960000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 7 | 2012-03-16T09:36:12.970000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 8 | 2012-03-16T09:36:13.030000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 9 | 2012-03-16T09:36:12.930000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 10 | 2012-03-16T09:36:12.890000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 11 | 2012-03-16T09:36:12.890000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 12 | 2012-03-16T09:36:13.070000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 13 | 2012-03-16T09:36:12.930000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 14 | 2012-03-16T09:36:12.990000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 15 | 2012-03-16T09:36:13.100000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 16 | 2012-03-16T09:36:13.000000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 17 | 2012-03-16T09:36:13.180000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 18 | 2012-03-16T09:36:13.010000-0700 | 192.168.202.102 | 192.168.26.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 19 | 2012-03-16T09:36:13.230000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |
| 20 | 2012-03-16T09:36:13.030000-0700 | 192.168.202.102 | 192.168.23.202 | ET POLICY Http Client Body contains passwd= in cleartext | * |

DNS 141
Showing 1-20 of 141 items.

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:13.020000-0700 | 10.10.117.210 | 192.168.207.4 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 2 | 2012-03-16T09:36:13.010000-0700 | 10.10.117.209 | 192.168.207.4 | query | _autodiscover._tcp.soleranetworks.com | SRV | (not set) |
| 3 | 2012-03-16T09:36:13.800000-0700 | 10.10.117.210 | 192.168.207.4 | query | stats.norton.com | A | (not set) |
| 4 | 2012-03-16T09:36:13.920000-0700 | 10.10.117.209 | 192.168.207.4 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 5 | 2012-03-16T09:36:14.270000-0700 | 10.10.117.210 | 192.168.207.4 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 6 | 2012-03-16T09:36:14.690000-0700 | 10.10.117.210 | 192.168.207.4 | query | ratings-wrs.symantec.com | A | (not set) |
| 7 | 2012-03-16T09:36:14.260000-0700 | 192.168.202.75 | 192.168.207.4 | query | d.dropbox.com | A | (not set) |
| 8 | 2012-03-16T09:36:14.260000-0700 | 192.168.202.75 | 192.168.207.4 | query | d.dropbox.com | A | (not set) |
| 9 | 2012-03-16T09:36:14.520000-0700 | 192.168.25.25 | 192.168.207.4 | query | 253.25.168.192.in-addr.arpa | PTR | (not set) |
| 10 | 2012-03-16T09:36:14.520000-0700 | 192.168.202.106 | 68.87.75.198 | query | www.apple.com | A | (not set) |
| 11 | 2012-03-16T09:36:14.520000-0700 | 192.168.202.106 | 68.87.75.198 | query | rssfeeds.usatoday.com | A | (not set) |
| 12 | 2012-03-16T09:36:14.540000-0700 | 192.168.229.252 | 192.168.207.4 | query | dns.msftncsi.com | A | (not set) |
| 13 | 2012-03-16T09:36:14.800000-0700 | 10.10.117.209 | 192.168.207.4 | query | stats.norton.com | A | (not set) |
| 14 | 2012-03-16T09:36:14.980000-0700 | 192.168.25.25 | 192.168.207.4 | query | urs.microsoft.com | A | (not set) |
| 15 | 2012-03-16T09:36:15.070000-0700 | 192.168.203.63 | 192.168.207.4 | query | imap.gmail.com | AAAA | (not set) |
| 16 | 2012-03-16T09:36:14.990000-0700 | 10.10.117.210 | 192.168.207.4 | query | toolbarqueries.clients.google.com | A | (not set) |
| 17 | 2012-03-16T09:36:15.070000-0700 | 192.168.203.63 | 192.168.207.4 | query | imap.gmail.com | A | (not set) |
| 18 | 2012-03-16T09:36:15.070000-0700 | 192.168.203.63 | 192.168.207.4 | query | imap.gmail.com | AAAA | (not set) |
| 19 | 2012-03-16T09:36:15.070000-0700 | 192.168.203.63 | 192.168.207.4 | query | imap.gmail.com | A | (not set) |
| 20 | 2012-03-16T09:36:15.170000-0700 | 10.10.117.209 | 192.168.207.4 | query | hb.lifecycle.norton.com | A | (not set) |

TLS 2
Showing 1-2 of 2 items.

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:16.580000-0700 | 192.168.202.76 | 192.168.26.254 | TLSv1 | (not set) |
| 2 | 2012-03-16T09:36:20.320000-0700 | 192.168.202.65 | 192.168.201.2 | TLSv1 | (not set) |

TFTP 0

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.
HTTP 1065
Showing 1-20 of 1,065 items.

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:12.800000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | GET | /q69812368 | 404 |
| 2 | 2012-03-16T09:36:12.830000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | GET | /q19324458 | 404 |
| 3 | 2012-03-16T09:36:12.810000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 4 | 2012-03-16T09:36:12.870000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 5 | 2012-03-16T09:36:12.830000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 6 | 2012-03-16T09:36:12.830000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | POST | /main.php | 200 |
| 7 | 2012-03-16T09:36:12.870000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | POST | /main.php | 200 |
| 8 | 2012-03-16T09:36:12.960000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 9 | 2012-03-16T09:36:12.970000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | POST | /main.php | 200 |
| 10 | 2012-03-16T09:36:13.040000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 11 | 2012-03-16T09:36:12.930000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | POST | /main.php | 200 |
| 12 | 2012-03-16T09:36:12.890000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | POST | /main.php | 200 |
| 13 | 2012-03-16T09:36:12.890000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | GET | /q19324458 | 404 |
| 14 | 2012-03-16T09:36:12.890000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 15 | 2012-03-16T09:36:13.070000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 16 | 2012-03-16T09:36:12.930000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 17 | 2012-03-16T09:36:12.990000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 18 | 2012-03-16T09:36:13.100000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |
| 19 | 2012-03-16T09:36:13.000000-0700 | 192.168.202.102 | 192.168.23.202 | 80 | GET | /q82494868 | 404 |
| 20 | 2012-03-16T09:36:13.190000-0700 | 192.168.202.102 | 192.168.26.202 | 80 | POST | /main.php | 200 |

SMB 0

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.
SMTP 0

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.
Flow 2252
Showing 1-20 of 2,252 items.

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:25.550000-0700 | 12549381136 | flow | 192.168.202.83 | 60608 | 192.168.206.44 | 19283 | TCP | pcapanalyzer |
| 2 | 2012-03-16T09:36:25.550000-0700 | 562977535000128 | flow | 192.168.202.102 | 4714 | 192.168.23.202 | 80 | TCP | pcapanalyzer |
| 3 | 2012-03-16T09:36:25.550000-0700 | 1548279540227760 | flow | 192.168.202.76 | 52236 | 157.55.56.145 | 80 | TCP | pcapanalyzer |
| 4 | 2012-03-16T09:36:25.550000-0700 | 1689096485362528 | flow | 192.168.202.102 | 4954 | 192.168.23.202 | 80 | TCP | pcapanalyzer |
| 5 | 2012-03-16T09:36:25.550000-0700 | 1407625803629344 | flow | 192.168.202.83 | 44535 | 192.168.206.44 | 5003 | TCP | pcapanalyzer |
| 6 | 2012-03-16T09:36:25.550000-0700 | 281934202680576 | flow | 192.168.202.83 | 52815 | 192.168.206.44 | 465 | TCP | pcapanalyzer |
| 7 | 2012-03-16T09:36:25.550000-0700 | 1830143211663168 | flow | 192.168.202.102 | 1448 | 192.168.26.202 | 80 | TCP | pcapanalyzer |
| 8 | 2012-03-16T09:36:25.550000-0700 | 1970921501927984 | flow | 192.168.202.83 | 50746 | 192.168.206.44 | 10629 | TCP | pcapanalyzer |
| 9 | 2012-03-16T09:36:25.550000-0700 | 1548794936207920 | flow | 192.168.202.83 | 53848 | 192.168.206.44 | 88 | TCP | pcapanalyzer |
| 10 | 2012-03-16T09:36:25.550000-0700 | 1830276355369520 | flow | 192.168.202.83 | 51596 | 192.168.206.44 | 1059 | TCP | pcapanalyzer |
| 11 | 2012-03-16T09:36:25.550000-0700 | 695449281200 | flow | 192.168.202.102 | 1160 | 192.168.28.202 | 80 | TCP | pcapanalyzer |
| 12 | 2012-03-16T09:36:25.550000-0700 | 1126644748157728 | flow | 192.168.202.83 | 51249 | 192.168.206.44 | 593 | TCP | pcapanalyzer |
| 13 | 2012-03-16T09:36:25.550000-0700 | 1126664075342704 | flow | 192.168.202.102 | 4717 | 192.168.26.202 | 80 | TCP | pcapanalyzer |
| 14 | 2012-03-16T09:36:25.550000-0700 | 423030320825120 | flow | 192.168.202.83 | 50959 | 192.168.206.44 | 3800 | TCP | pcapanalyzer |
| 15 | 2012-03-16T09:36:25.550000-0700 | 1830450301525008 | flow | 192.168.202.83 | 41840 | 192.168.206.44 | 1088 | TCP | pcapanalyzer |
| 16 | 2012-03-16T09:36:25.550000-0700 | 1549007537079072 | flow | 192.168.202.83 | 56303 | 192.168.206.44 | 1000 | TCP | pcapanalyzer |
| 17 | 2012-03-16T09:36:25.550000-0700 | 1689818040165936 | flow | 192.168.202.102 | 1408 | 192.168.23.202 | 80 | TCP | pcapanalyzer |
| 18 | 2012-03-16T09:36:25.550000-0700 | 282505433763088 | flow | 192.168.202.102 | 1717 | 192.168.26.202 | 80 | TCP | pcapanalyzer |
| 19 | 2012-03-16T09:36:25.550000-0700 | 141866729243424 | flow | 192.168.202.83 | 35911 | 192.168.206.44 | 1175 | TCP | pcapanalyzer |
| 20 | 2012-03-16T09:36:25.550000-0700 | 282700854372912 | flow | 192.168.202.83 | 49409 | 192.168.206.44 | 1036 | TCP | pcapanalyzer |

File 2010
Showing 1-20 of 2,010 items.

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2012-03-16T09:36:12.790000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 177 |
| 2 | 2012-03-16T09:36:12.850000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 172 |
| 3 | 2012-03-16T09:36:12.810000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 127 |
| 4 | 2012-03-16T09:36:12.800000-0700 | 192.168.23.202 | 192.168.202.102 | /q69812368 | HTML document, ASCII text | 287 |
| 5 | 2012-03-16T09:36:12.830000-0700 | 192.168.23.202 | 192.168.202.102 | /q19324458 | HTML document, ASCII text | 287 |
| 6 | 2012-03-16T09:36:12.810000-0700 | 192.168.26.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 7 | 2012-03-16T09:36:12.870000-0700 | 192.168.26.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 8 | 2012-03-16T09:36:12.830000-0700 | 192.168.26.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 9 | 2012-03-16T09:36:12.810000-0700 | 192.168.202.102 | 192.168.23.202 | /main.php | ASCII text, with no line terminators | 135 |
| 10 | 2012-03-16T09:36:12.830000-0700 | 192.168.23.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 11 | 2012-03-16T09:36:12.940000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 127 |
| 12 | 2012-03-16T09:36:12.850000-0700 | 192.168.202.102 | 192.168.23.202 | /main.php | ASCII text, with no line terminators | 130 |
| 13 | 2012-03-16T09:36:12.870000-0700 | 192.168.202.102 | 192.168.23.202 | /main.php | ASCII text, with no line terminators | 129 |
| 14 | 2012-03-16T09:36:12.960000-0700 | 192.168.202.102 | 192.168.23.202 | /main.php | ASCII text, with no line terminators | 133 |
| 15 | 2012-03-16T09:36:12.870000-0700 | 192.168.23.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 16 | 2012-03-16T09:36:12.960000-0700 | 192.168.26.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 17 | 2012-03-16T09:36:12.970000-0700 | 192.168.23.202 | 192.168.202.102 | /main.php | HTML document, ASCII text, with CRLF line terminators | 7783 |
| 18 | 2012-03-16T09:36:12.880000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 127 |
| 19 | 2012-03-16T09:36:12.920000-0700 | 192.168.202.102 | 192.168.23.202 | /main.php | ASCII text, with no line terminators | 138 |
| 20 | 2012-03-16T09:36:13.020000-0700 | 192.168.202.102 | 192.168.26.202 | /main.php | ASCII text, with no line terminators | 175 |

Comments: (not set)
