Grant Dept Network_MS-West Annex_IF-11.pcap

MD5	5bf608078792182cb40ce2b573ac8c9d
Submission Date	2021-04-07 07:52:20
Tags	(not set)

Alert 0

#		Timestamp	Src Ip	Dest Ip	Alert Signature	P
No results found.

DNS 72

Showing 1-20 of 72 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

2021-04-07T06:42:25.423287-0700

192.168.252.151

192.168.254.100

query

ds.agomo.com

(not set)

2021-04-07T06:43:17.147396-0700

192.168.252.151

192.168.254.100

query

clients2.google.com

(not set)

2021-04-07T06:42:29.490454-0700

192.168.252.151

192.168.254.100

query

dc1-st.ksn.kaspersky-labs.com

(not set)

2021-04-07T06:42:25.439588-0700

192.168.254.100

192.168.252.151

answer

ds.agomo.com

(not set)

2021-04-07T06:43:15.036972-0700

192.168.252.151

192.168.254.100

query

imap.gmail.com

(not set)

2021-04-07T06:43:15.069893-0700

192.168.254.100

192.168.252.151

answer

imap.gmail.com

(not set)

2021-04-07T06:43:17.195525-0700

192.168.254.100

192.168.252.151

answer

clients2.google.com

(not set)

2021-04-07T06:43:29.665008-0700

192.168.252.151

192.168.254.100

query

ds.agomo.com

(not set)

2021-04-07T06:43:29.699051-0700

192.168.254.100

192.168.252.151

answer

ds.agomo.com

(not set)

2021-04-07T06:42:29.498615-0700

192.168.254.100

192.168.252.151

answer

dc1-st.ksn.kaspersky-labs.com

(not set)

2021-04-07T06:42:53.752280-0700

192.168.252.151

192.168.254.100

query

wsus.mahi.local

(not set)

2021-04-07T06:42:53.769003-0700

192.168.254.100

192.168.252.151

answer

wsus.mahi.local

(not set)

2021-04-07T06:43:16.115386-0700

192.168.252.151

192.168.254.100

query

smtp.gmail.com

(not set)

2021-04-07T06:43:16.194976-0700

192.168.254.100

192.168.252.151

answer

smtp.gmail.com

(not set)

2021-04-07T06:43:17.217621-0700

192.168.252.151

192.168.254.100

query

checkappexec.microsoft.com

(not set)

2021-04-07T06:43:17.264586-0700

192.168.254.100

192.168.252.151

answer

checkappexec.microsoft.com

(not set)

2021-04-07T06:44:33.875360-0700

192.168.252.151

192.168.254.100

query

ds.agomo.com

(not set)

2021-04-07T06:44:33.906681-0700

192.168.254.100

192.168.252.151

answer

ds.agomo.com

(not set)

2021-04-07T06:42:53.752280-0700

192.168.252.151

192.168.254.100

query

wsus.mahi.local

(not set)

2021-04-07T06:42:53.769003-0700

192.168.254.100

192.168.252.151

answer

wsus.mahi.local

(not set)

TLS 44

Showing 1-20 of 44 items.

Timestamp

Source IP

Destination IP

TLS Version

Server Name Indication

2021-04-07T06:42:25.546538-0700

192.168.252.151

52.70.10.94

TLS 1.2

(not set)

2021-04-07T06:42:29.667109-0700

192.168.252.151

38.113.165.138

TLS 1.2

dc1-st.ksn.kaspersky-labs.com

2021-04-07T06:43:15.122387-0700

192.168.252.151

142.250.113.108

TLS 1.2

imap.gmail.com

2021-04-07T06:43:17.248291-0700

192.168.252.151

142.250.113.100

TLS 1.2

clients2.google.com

2021-04-07T06:43:17.327829-0700

192.168.252.151

70.37.97.229

TLS 1.2

checkappexec.microsoft.com

2021-04-07T06:43:28.363792-0700

192.168.252.151

23.102.183.116

TLS 1.2

euc03.evo-ams.com

2021-04-07T06:43:29.849022-0700

192.168.252.151

52.70.10.94

TLS 1.2

(not set)

2021-04-07T06:43:53.096785-0700

192.168.252.151

192.168.254.17

TLS 1.2

mail.ahsti.org

2021-04-07T06:43:55.335610-0700

192.168.252.151

38.113.165.138

TLS 1.2

dc1.ksn.kaspersky-labs.com

2021-04-07T06:44:34.014472-0700

192.168.252.151

3.211.80.175

TLS 1.2

(not set)

2021-04-07T06:43:16.243089-0700

192.168.252.151

142.250.138.108

TLS 1.2

smtp.gmail.com

2021-04-07T06:42:25.546538-0700

192.168.252.151

52.70.10.94

TLS 1.2

(not set)

2021-04-07T06:42:29.667109-0700

192.168.252.151

38.113.165.138

TLS 1.2

dc1-st.ksn.kaspersky-labs.com

2021-04-07T06:43:16.243089-0700

192.168.252.151

142.250.138.108

TLS 1.2

smtp.gmail.com

2021-04-07T06:43:17.248291-0700

192.168.252.151

142.250.113.100

TLS 1.2

clients2.google.com

2021-04-07T06:43:28.363792-0700

192.168.252.151

23.102.183.116

TLS 1.2

euc03.evo-ams.com

2021-04-07T06:43:29.849022-0700

192.168.252.151

52.70.10.94

TLS 1.2

(not set)

2021-04-07T06:43:53.096785-0700

192.168.252.151

192.168.254.17

TLS 1.2

mail.ahsti.org

2021-04-07T06:43:55.335610-0700

192.168.252.151

38.113.165.138

TLS 1.2

dc1.ksn.kaspersky-labs.com

2021-04-07T06:43:15.122387-0700

192.168.252.151

142.250.113.108

TLS 1.2

imap.gmail.com

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 0

#		Timestamp	Source	Hostname	Port	Method	URL	Status
No results found.

SMB 216

Showing 1-20 of 216 items.

Timestamp

Src Ip

Dest Ip

SMB Dialect

Command

Session

Tree

2021-04-07T06:42:49.525258-0700

192.168.252.180

192.168.252.151

2.??

SMB1_COMMAND_NEGOTIATE_PROTOCOL

2021-04-07T06:42:49.528446-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_NEGOTIATE_PROTOCOL

2021-04-07T06:42:49.532796-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_SESSION_SETUP

774062494187573

2021-04-07T06:42:49.534388-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_TREE_CONNECT

774062494187573

2021-04-07T06:42:49.537276-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.537276-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CREATE

774062494187573

2021-04-07T06:42:49.542762-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_WRITE

774062494187573

2021-04-07T06:42:49.544635-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.546260-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.552413-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CLOSE

774062494187573

2021-04-07T06:42:49.552508-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CREATE

774062494187573

2021-04-07T06:42:49.556386-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_WRITE

774062494187573

2021-04-07T06:42:49.558107-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.559913-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.564117-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CLOSE

774062494187573

2021-04-07T06:42:49.565701-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CREATE

774062494187573

2021-04-07T06:42:49.569908-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_WRITE

774062494187573

2021-04-07T06:42:49.572591-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.574649-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_IOCTL

774062494187573

2021-04-07T06:42:49.616409-0700

192.168.252.180

192.168.252.151

3.11

SMB2_COMMAND_CLOSE

774062494187573

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 202

Showing 1-20 of 202 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2021-04-07T06:45:12.688311-0700

1131095590479212

flow

192.168.252.151

55337

192.168.254.216

8530

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

857342962509959

flow

192.168.252.151

138

192.168.252.255

138

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

1149727156812380

flow

192.168.252.151

55288

66.110.49.114

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

166415872056304

flow

192.168.252.151

57900

239.255.255.250

1900

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

309219238462234

flow

192.168.252.151

55336

192.168.254.216

8530

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

618491242628640

flow

192.168.252.151

55304

38.113.165.138

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

61528475360034

flow

192.168.252.151

55317

23.102.183.116

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

1078254606616993

flow

192.168.252.151

55285

38.113.165.142

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

521386331985698

flow

192.168.252.151

58141

239.255.255.250

3702

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

665718703008292

flow

192.168.252.151

55054

13.65.248.103

443

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

668390171736605

flow

192.168.252.151

55330

38.113.165.110

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

532475937542334

flow

fe80:0000:0000:0000:f199:967e:e3c6:df75

58142

ff02:0000:0000:0000:0000:0000:0000:000c

3702

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

1821099262870646

flow

54.157.166.45

443

192.168.252.151

55328

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

1197710533429276

flow

192.168.252.151

55338

192.168.254.216

8530

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

664924133114548

flow

192.168.252.151

55329

52.70.10.94

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

705112141496941

flow

192.168.252.151

54876

192.168.254.17

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

143214455924566

flow

192.168.252.151

55335

38.113.165.138

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

1269178795383648

flow

192.168.252.151

65478

192.168.254.100

UDP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

853142484164233

flow

192.168.252.151

54822

52.242.211.89

443

TCP

pcapanalyzer

2021-04-07T06:45:12.688311-0700

853657879627634

flow

192.168.252.151

55294

130.117.190.228

443

TCP

pcapanalyzer

File 0

#		Timestamp	Source	Destination	File Name	File Magic	File Size
No results found.

Comments	(not set)

Update Download PCAP Delete