01-59-54___15-10-2021_raw.pcap

MD5: 4db501c7c4de2552517e02f6adcd9feb
Submission Date: 2021-10-14 12:14:16
Tags: (not set)

Alert 900
Showing 1-20 of 900 items.

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2021-10-14T11:03:52.882800-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 2 | 2021-10-14T11:03:52.899903-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 3 | 2021-10-14T11:03:52.901422-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 4 | 2021-10-14T11:03:53.826881-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 5 | 2021-10-14T11:03:53.833845-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 6 | 2021-10-14T11:03:58.062758-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 7 | 2021-10-14T11:04:01.095001-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 8 | 2021-10-14T11:04:02.112880-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 9 | 2021-10-14T11:04:02.170448-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 10 | 2021-10-14T11:04:09.266180-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 11 | 2021-10-14T11:04:22.627938-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 12 | 2021-10-14T11:04:25.773941-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 13 | 2021-10-14T11:04:26.800692-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 14 | 2021-10-14T11:04:26.856282-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 15 | 2021-10-14T11:04:35.107890-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 16 | 2021-10-14T11:04:43.033523-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 17 | 2021-10-14T11:04:43.309833-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 18 | 2021-10-14T11:03:52.885887-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 19 | 2021-10-14T11:03:52.889029-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |
| 20 | 2021-10-14T11:03:52.892145-0700 | 192.168.0.5 | 192.168.0.1 | ET SCAN Possible Nmap User-Agent Observed | * |

DNS 340
Showing 1-20 of 340 items.

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2021-10-14T11:00:13.174083-0700 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | query | infinitedata-pa.googleapis.com | A | (not set) |
| 2 | 2021-10-14T11:00:13.149826-0700 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | query | infinitedata-pa.googleapis.com | AAAA | (not set) |
| 3 | 2021-10-14T11:00:13.225974-0700 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | answer | infinitedata-pa.googleapis.com | A | (not set) |
| 4 | 2021-10-14T11:00:13.172642-0700 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | answer | infinitedata-pa.googleapis.com | AAAA | (not set) |
| 5 | 2021-10-14T11:02:13.575749-0700 | 192.168.0.3 | 192.168.0.1 | query | sgminorshort.wechat.com | AAAA | (not set) |
| 6 | 2021-10-14T11:02:13.575820-0700 | 192.168.0.3 | 192.168.0.1 | query | sgminorshort.wechat.com | AAAA | (not set) |
| 7 | 2021-10-14T11:02:11.641007-0700 | 192.168.0.3 | 192.168.0.1 | query | dns.weixin.qq.com | AAAA | (not set) |
| 8 | 2021-10-14T11:02:11.641064-0700 | 192.168.0.3 | 192.168.0.1 | query | dns.weixin.qq.com | AAAA | (not set) |
| 9 | 2021-10-14T11:02:11.641212-0700 | 192.168.0.3 | 192.168.0.1 | query | sgminorshort.wechat.com | AAAA | (not set) |
| 10 | 2021-10-14T11:02:11.641245-0700 | 192.168.0.3 | 192.168.0.1 | query | sgminorshort.wechat.com | AAAA | (not set) |
| 11 | 2021-10-14T11:02:13.575939-0700 | 192.168.0.3 | 192.168.0.1 | query | dns.weixin.qq.com | AAAA | (not set) |
| 12 | 2021-10-14T11:02:13.575973-0700 | 192.168.0.3 | 192.168.0.1 | query | dns.weixin.qq.com | AAAA | (not set) |
| 13 | 2021-10-14T11:02:14.762513-0700 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | query | sgminorshort.wechat.com | A | (not set) |
| 14 | 2021-10-14T11:02:14.802762-0700 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | answer | sgminorshort.wechat.com | A | (not set) |
| 15 | 2021-10-14T11:02:19.630088-0700 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | query | dns.weixin.qq.com | A | (not set) |
| 16 | 2021-10-14T11:02:19.657371-0700 | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | fe80:0000:0000:0000:8045:82ff:fee9:90f5 | answer | dns.weixin.qq.com | A | (not set) |
| 17 | 2021-10-14T11:07:17.133814-0700 | 192.168.0.3 | 192.168.0.1 | query | www.google.com | A | (not set) |
| 18 | 2021-10-14T11:07:17.134098-0700 | 192.168.0.3 | 192.168.0.1 | query | www.google.com | A | (not set) |
| 19 | 2021-10-14T11:07:18.130022-0700 | 192.168.0.3 | 192.168.0.1 | query | www.google.com | A | (not set) |
| 20 | 2021-10-14T11:07:18.130110-0700 | 192.168.0.3 | 192.168.0.1 | query | www.google.com | A | (not set) |

TLS 948
Showing 1-20 of 948 items.

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2021-10-14T11:03:46.441747-0700 | 192.168.0.5 | 192.168.0.1 | TLS 1.2 | (not set) |
| 2 | 2021-10-14T11:04:07.151221-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 3 | 2021-10-14T11:04:07.152579-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 4 | 2021-10-14T11:04:15.873055-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 5 | 2021-10-14T11:04:15.874229-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 6 | 2021-10-14T11:04:15.874322-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 7 | 2021-10-14T11:04:15.945367-0700 | 192.168.0.5 | 192.168.0.1 | TLS 1.2 | (not set) |
| 8 | 2021-10-14T11:04:25.969801-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 9 | 2021-10-14T11:04:25.971226-0700 | 192.168.0.5 | 192.168.0.1 | TLS 1.2 | (not set) |
| 10 | 2021-10-14T11:04:34.790883-0700 | 192.168.0.5 | 192.168.0.1 | SSLv2 | (not set) |
| 11 | 2021-10-14T11:03:37.312981-0700 | 192.168.0.5 | 192.168.0.1 | TLS 1.2 | (not set) |
| 12 | 2021-10-14T11:04:43.210127-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 13 | 2021-10-14T11:04:43.215553-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 14 | 2021-10-14T11:04:43.220416-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 15 | 2021-10-14T11:04:43.222695-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 16 | 2021-10-14T11:04:43.233354-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 17 | 2021-10-14T11:04:43.245369-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 18 | 2021-10-14T11:04:43.257844-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 19 | 2021-10-14T11:04:43.310914-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |
| 20 | 2021-10-14T11:04:43.311732-0700 | 192.168.0.5 | 192.168.0.1 | UNDETERMINED | (not set) |

TFTP 0

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.

HTTP 989
Showing 1-20 of 989 items.

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2021-10-14T11:02:14.905181-0700 | 192.168.0.3 | sgminorshort.wechat.com | 80 | POST | `/mmtls/57872adc` | 200 |
| 2 | 2021-10-14T11:02:14.883994-0700 | 192.168.0.5 | sgminorshort.wechat.com | 80 | POST | `/mmtls/57872adc` | 200 |
| 3 | 2021-10-14T11:02:19.792292-0700 | 192.168.0.5 | dns.weixin.qq.com | 80 | POST | `/mmtls/3cf6c791` | 200 |
| 4 | 2021-10-14T11:04:08.775591-0700 | 192.168.0.5 | realtek | 443 | POST | `/IPHTTPS` | (not set) |
| 5 | 2021-10-14T11:08:09.721438-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/9f32f406d9fdef90d3047147b7c2dc3c24f1cacf.htm` | (not set) |
| 6 | 2021-10-14T11:08:19.874590-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/Listadeparametros.html` | (not set) |
| 7 | 2021-10-14T11:08:09.656761-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/system/user/scn_user_list` | (not set) |
| 8 | 2021-10-14T11:08:09.744873-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `//cmdownloads/?CMDsearch=%22%2ebase64_decode%28%22Q0tLUEFRS0JIR0tEUEZR%22%29%2e%22` | (not set) |
| 9 | 2021-10-14T11:08:30.013084-0700 | 192.168.0.5 | (not set) | 80 | GET | `/images` | (not set) |
| 10 | 2021-10-14T11:08:50.468488-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E//etc/vmware/hostd/vmInventory.xml` | (not set) |
| 11 | 2021-10-14T11:08:50.338130-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../dev/null%00` | (not set) |
| 12 | 2021-10-14T11:08:50.338313-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd` | (not set) |
| 13 | 2021-10-14T11:08:50.425149-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/clientaccesspolicy.xml` | (not set) |
| 14 | 2021-10-14T11:08:50.425309-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml` | (not set) |
| 15 | 2021-10-14T11:08:50.604583-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/zimbra/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00` | (not set) |
| 16 | 2021-10-14T11:08:50.645722-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/../../../../../../../../../../etc/passwd` | (not set) |
| 17 | 2021-10-14T11:08:51.603871-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\ColdFusion8\lib\password.properties%00en` | (not set) |
| 18 | 2021-10-14T11:08:50.814304-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/../../../../../../../../../../boot.ini` | (not set) |
| 19 | 2021-10-14T11:08:50.845660-0700 | 192.168.0.5 | 192.168.0.1 | 80 | HEAD | `/` | 301 |
| 20 | 2021-10-14T11:08:50.881787-0700 | 192.168.0.5 | 192.168.0.1 | 80 | GET | `/CFIDE/administrator/enter.cfm?locale=..\..\..\..\..\..\..\..\CFusionMX7\lib\password.properties%00en` | (not set) |

SMB 0

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP 0

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.

Flow 17546
Showing 1-20 of 17,546 items.

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2021-10-14T11:02:14.884058-0700 | 861969606677291 | flow | 192.168.0.5 | 37592 | 49.51.36.197 | 80 | TCP | pcapanalyzer |
| 2 | 2021-10-14T11:02:14.884058-0700 | 48294494213112 | flow | 2404:6800:4001:080a:0000:0000:0000:200a | 443 | 2001:0e68:5409:a214:685f:7d56:0a45:9584 | 45326 | TCP | pcapanalyzer |
| 3 | 2021-10-14T11:02:14.884058-0700 | 2083196313826901 | flow | 192.168.0.1 | 1024 | 192.168.0.5 | 6666 | TCP | pcapanalyzer |
| 4 | 2021-10-14T11:02:14.884058-0700 | 1679160152063146 | flow | 2404:6800:4001:0800:0000:0000:0000:200a | 443 | 2001:0e68:5409:a214:685f:7d56:0a45:9584 | 37486 | TCP | pcapanalyzer |
| 5 | 2021-10-14T11:02:14.884058-0700 | 557542324729713 | flow | 192.168.0.5 | 42084 | 20.205.243.168 | 443 | TCP | pcapanalyzer |
| 6 | 2021-10-14T11:08:50.660253-0700 | 1827493286644043 | flow | 2404:6800:4001:080e:0000:0000:0000:2003 | 443 | 2001:0e68:5409:a214:685f:7d56:0a45:9584 | 41160 | TCP | pcapanalyzer |
| 7 | 2021-10-14T11:08:50.660253-0700 | 1419563742642362 | flow | fe80:0000:0000:0000:a2a3:f0ff:fe9e:7f70 | (not set) | ff02:0000:0000:0000:0000:0000:0000:0001 | (not set) | IPv6-ICMP | pcapanalyzer |
| 8 | 2021-10-14T11:08:50.660253-0700 | 1460024482449391 | flow | 192.168.0.3 | 19344 | 192.168.0.1 | 53 | UDP | pcapanalyzer |
| 9 | 2021-10-14T11:08:50.660253-0700 | 389452344445189 | flow | 192.168.0.3 | 16220 | 192.168.0.1 | 53 | UDP | pcapanalyzer |
| 10 | 2021-10-14T11:08:50.660253-0700 | 1094945819969987 | flow | 192.168.0.3 | 27816 | 192.168.0.1 | 53 | UDP | pcapanalyzer |
| 11 | 2021-10-14T11:08:50.660253-0700 | 251392768067772 | flow | 192.168.0.3 | 13555 | 192.168.0.1 | 53 | UDP | pcapanalyzer |
| 12 | 2021-10-14T11:08:50.660253-0700 | 1151257136587461 | flow | 192.168.0.3 | 48824 | 101.32.104.4 | 8080 | TCP | pcapanalyzer |
| 13 | 2021-10-14T11:08:50.660253-0700 | 1201448124008840 | flow | 192.168.0.3 | 50734 | 101.32.104.177 | 8080 | TCP | pcapanalyzer |
| 14 | 2021-10-14T11:08:50.660253-0700 | 683713438664178 | flow | 192.168.0.3 | 46242 | 159.138.85.111 | 5223 | TCP | pcapanalyzer |
| 15 | 2021-10-14T11:08:50.660253-0700 | 287556396648839 | flow | 192.168.0.5 | 22814 | 192.168.0.1 | 1111 | UDP | pcapanalyzer |
| 16 | 2021-10-14T11:08:50.660253-0700 | 1377333478189762 | flow | 192.168.0.3 | 57284 | 101.32.104.4 | 443 | TCP | pcapanalyzer |
| 17 | 2021-10-14T11:08:50.660253-0700 | 1940770913314781 | flow | 192.168.0.5 | 36666 | 192.168.0.3 | 1111 | UDP | pcapanalyzer |
| 18 | 2021-10-14T11:08:50.660253-0700 | 554114948617143 | flow | 192.168.0.3 | 46408 | 159.138.85.111 | 5223 | TCP | pcapanalyzer |
| 19 | 2021-10-14T11:08:50.660253-0700 | 1406496309328066 | flow | 192.168.0.5 | 37403 | 192.168.0.1 | 30712 | UDP | pcapanalyzer |
| 20 | 2021-10-14T11:08:50.660253-0700 | 1017275633568806 | flow | 192.168.0.3 | 48836 | 101.32.104.4 | 8080 | TCP | pcapanalyzer |

File 315
Showing 1-20 of 315 items.

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2021-10-14T11:02:14.846874-0700 | 192.168.0.5 | 101.32.133.209 | `/mmtls/57872adc` | data | 566 |
| 2 | 2021-10-14T11:02:13.621924-0700 | 192.168.0.3 | 101.32.133.209 | `/mmtls/57872adc` | data | 566 |
| 3 | 2021-10-14T11:02:14.905181-0700 | 101.32.133.209 | 192.168.0.3 | `/mmtls/57872adc` | data | 245 |
| 4 | 2021-10-14T11:02:14.883994-0700 | 101.32.133.209 | 192.168.0.5 | `/mmtls/57872adc` | data | 245 |
| 5 | 2021-10-14T11:02:19.791899-0700 | 192.168.0.5 | 101.32.104.177 | `/mmtls/3cf6c791` | data | 612 |
| 6 | 2021-10-14T11:02:18.471064-0700 | 192.168.0.3 | 101.32.104.104 | `/mmtls/3cf6c791` | data | 612 |
| 7 | 2021-10-14T11:02:19.792292-0700 | 101.32.104.177 | 192.168.0.5 | `/mmtls/3cf6c791` | data | 2487 |
| 8 | 2021-10-14T11:03:46.640458-0700 | 192.168.0.5 | 192.168.0.1 | `/` | ASCII text, with no line terminators | 88 |
| 9 | 2021-10-14T11:03:46.783495-0700 | 192.168.0.5 | 192.168.0.1 | `/` | ASCII text, with no line terminators | 88 |
| 10 | 2021-10-14T11:07:52.527163-0700 | 192.168.0.5 | 192.168.0.1 | `/` | XML 1.0 document, ASCII text | 86 |
| 11 | 2021-10-14T11:07:52.579226-0700 | 192.168.0.5 | 192.168.0.1 | `/` | XML 1.0 document, ASCII text | 86 |
| 12 | 2021-10-14T11:07:52.579006-0700 | 192.168.0.5 | 192.168.0.1 | `/phpMyAdmin-2.6.4-pl1/libraries/grab_globals.lib.php` | ASCII text, with no line terminators | 100 |
| 13 | 2021-10-14T11:07:52.527070-0700 | 192.168.0.5 | 192.168.0.1 | `/user/login` | ASCII text, with very long lines, with no line terminators | 521 |
| 14 | 2021-10-14T11:08:00.746654-0700 | 192.168.0.5 | 192.168.0.1 | `/user/login` | ASCII text, with no line terminators | 62 |
| 15 | 2021-10-14T11:08:00.804523-0700 | 192.168.0.5 | 192.168.0.1 | `/` | XML 1.0 document, ASCII text | 105 |
| 16 | 2021-10-14T11:07:59.835123-0700 | 192.168.0.5 | 192.168.0.1 | `/phpMyAdmin-2.6.4-pl1/libraries/grab_globals.lib.php` | ASCII text, with no line terminators | 100 |
| 17 | 2021-10-14T11:08:00.747956-0700 | 192.168.0.5 | 192.168.0.1 | `/` | XML 1.0 document, ASCII text | 105 |
| 18 | 2021-10-14T11:08:18.045503-0700 | 192.168.0.5 | 192.168.0.1 | `/` | PHP script, ASCII text, with no line terminators | 52 |
| 19 | 2021-10-14T11:08:19.105372-0700 | 192.168.0.5 | 192.168.0.1 | `/` | PHP script, ASCII text, with no line terminators | 52 |
| 20 | 2021-10-14T11:08:27.232331-0700 | 192.168.0.5 | 192.168.0.1 | `/` | PHP script, ASCII text, with no line terminators | 34 |

Comments: (not set)
